diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 02ab437fb..aeb33ad8f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -15,7 +15,7 @@ ### Contributing code -* **All commits must be signed** with a valid key that has been added to your GitHub account. The commits should have all the "**Verified**" tag when viewed on GitHub as shown below: +* **All commits must be signed** with a valid key that has been added to your GitHub account. Each commit should have the "**Verified**" tag when viewed on GitHub as shown below: diff --git a/HOTFIX b/HOTFIX index d3f5a12fa..e69de29bb 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +0,0 @@ - diff --git a/README.md b/README.md index 4bff52b20..580590829 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.60 +## Security Onion 2.3.80 -Security Onion 2.3.60 is here! +Security Onion 2.3.80 is here! ## Screenshots diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index b98cdfb9b..1a8c028f3 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,17 +1,18 @@ -### 2.3.60 ISO image built on 2021/04/27 +### 2.3.80 ISO image built on 2021/09/27 + ### Download and Verify -2.3.60 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.60.iso +2.3.80 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.80.iso -MD5: 0470325615C42C206B028EE37A1AD897 -SHA1: 496E70BD529D3B8A02D0B32F68B8F7527C953612 -SHA256: 417E34DFCD63D84A16FF2041DC712F02D9E0515C8B78BDF0EE1037DD13C32030 +MD5: 24F38563860416F4A8ABE18746913E14 +SHA1: F923C005F54EA2A17AB225ADA0DA46042707AAD9 +SHA256: 8E95D10AF664D9A406C168EC421D943CB23F0D0C1813C6C2DBA9B4E131984018 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.80.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS @@ -25,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.80.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.60.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.80.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.60.iso.sig securityonion-2.3.60.iso +gpg --verify securityonion-2.3.80.iso.sig securityonion-2.3.80.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 01 Jul 2021 10:59:24 AM EDT using RSA key ID FE507013 +gpg: Signature made Mon 27 Sep 2021 08:55:01 AM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/VERSION b/VERSION index 678d59d4f..6c91a811d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.60 +2.3.90 diff --git a/files/firewall/hostgroups.local.yaml b/files/firewall/hostgroups.local.yaml index 794105627..d02d7c785 100644 --- a/files/firewall/hostgroups.local.yaml +++ b/files/firewall/hostgroups.local.yaml @@ -16,6 +16,10 @@ firewall: ips: delete: insert: + endgame: + ips: + delete: + insert: fleet: ips: delete: diff --git a/pillar/elasticsearch/eval.sls b/pillar/elasticsearch/eval.sls index 2dbb08f59..84ff89a23 100644 --- a/pillar/elasticsearch/eval.sls +++ b/pillar/elasticsearch/eval.sls @@ -1,7 +1,7 @@ elasticsearch: templates: - so/so-beats-template.json.jinja - - so/so-common-template.json + - so/so-common-template.json.jinja - so/so-firewall-template.json.jinja - so/so-flow-template.json.jinja - so/so-ids-template.json.jinja @@ -10,4 +10,4 @@ elasticsearch: - so/so-ossec-template.json.jinja - so/so-strelka-template.json.jinja - so/so-syslog-template.json.jinja - - so/so-zeek-template.json.jinja \ No newline at end of file + - so/so-zeek-template.json.jinja diff --git a/pillar/elasticsearch/manager.sls b/pillar/elasticsearch/manager.sls index 9ff97de5b..8e31ca84e 100644 --- a/pillar/elasticsearch/manager.sls +++ b/pillar/elasticsearch/manager.sls @@ -1,7 +1,8 @@ elasticsearch: templates: - so/so-beats-template.json.jinja - - so/so-common-template.json + - so/so-common-template.json.jinja + - so/so-endgame-template.json.jinja - so/so-firewall-template.json.jinja - so/so-flow-template.json.jinja - so/so-ids-template.json.jinja diff --git a/pillar/elasticsearch/search.sls b/pillar/elasticsearch/search.sls index 9ff97de5b..8e31ca84e 100644 --- a/pillar/elasticsearch/search.sls +++ b/pillar/elasticsearch/search.sls @@ -1,7 +1,8 @@ elasticsearch: templates: - so/so-beats-template.json.jinja - - so/so-common-template.json + - so/so-common-template.json.jinja + - so/so-endgame-template.json.jinja - so/so-firewall-template.json.jinja - so/so-flow-template.json.jinja - so/so-ids-template.json.jinja diff --git a/pillar/logstash/init.sls b/pillar/logstash/init.sls index c2dfd9cfd..4e96b400d 100644 --- a/pillar/logstash/init.sls +++ b/pillar/logstash/init.sls @@ -1,6 +1,7 @@ logstash: docker_options: port_bindings: + - 0.0.0.0:3765:3765 - 0.0.0.0:5044:5044 - 0.0.0.0:5644:5644 - 0.0.0.0:6050:6050 diff --git a/pillar/logstash/manager.sls b/pillar/logstash/manager.sls index 6f3ba495b..fc0788824 100644 --- a/pillar/logstash/manager.sls +++ b/pillar/logstash/manager.sls @@ -5,5 +5,6 @@ logstash: config: - so/0009_input_beats.conf - so/0010_input_hhbeats.conf + - so/0011_input_endgame.conf - so/9999_output_redis.conf.jinja \ No newline at end of file diff --git a/pillar/logstash/search.sls b/pillar/logstash/search.sls index 10fab2ed1..a0ddf946e 100644 --- a/pillar/logstash/search.sls +++ b/pillar/logstash/search.sls @@ -13,3 +13,5 @@ logstash: - so/9500_output_beats.conf.jinja - so/9600_output_ossec.conf.jinja - so/9700_output_strelka.conf.jinja + - so/9800_output_logscan.conf.jinja + - so/9900_output_endgame.conf.jinja diff --git a/pillar/top.sls b/pillar/top.sls index efd222b87..b59da14e4 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -25,6 +25,9 @@ base: - data.* {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} - elasticsearch.auth +{% endif %} +{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %} + - kibana.secrets {% endif %} - secrets - global @@ -44,6 +47,9 @@ base: - elasticsearch.eval {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} - elasticsearch.auth +{% endif %} +{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %} + - kibana.secrets {% endif %} - global - minions.{{ grains.id }} @@ -55,6 +61,9 @@ base: - elasticsearch.search {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} - elasticsearch.auth +{% endif %} +{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %} + - kibana.secrets {% endif %} - data.* - zeeklogs @@ -102,6 +111,9 @@ base: - elasticsearch.eval {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} - elasticsearch.auth +{% endif %} +{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %} + - kibana.secrets {% endif %} - global - minions.{{ grains.id }} diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index 665fdbe3d..0175953b0 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -35,6 +35,7 @@ 'influxdb', 'grafana', 'soc', + 'kratos', 'firewall', 'idstools', 'suricata.manager', @@ -45,7 +46,8 @@ 'schedule', 'soctopus', 'tcpreplay', - 'docker_clean' + 'docker_clean', + 'learn' ], 'so-heavynode': [ 'ca', @@ -99,6 +101,7 @@ 'manager', 'nginx', 'soc', + 'kratos', 'firewall', 'idstools', 'suricata.manager', @@ -108,7 +111,8 @@ 'zeek', 'schedule', 'tcpreplay', - 'docker_clean' + 'docker_clean', + 'learn' ], 'so-manager': [ 'salt.master', @@ -121,13 +125,15 @@ 'influxdb', 'grafana', 'soc', + 'kratos', 'firewall', 'idstools', 'suricata.manager', 'utility', 'schedule', 'soctopus', - 'docker_clean' + 'docker_clean', + 'learn' ], 'so-managersearch': [ 'salt.master', @@ -139,6 +145,7 @@ 'influxdb', 'grafana', 'soc', + 'kratos', 'firewall', 'manager', 'idstools', @@ -146,7 +153,8 @@ 'utility', 'schedule', 'soctopus', - 'docker_clean' + 'docker_clean', + 'learn' ], 'so-node': [ 'ca', @@ -168,6 +176,7 @@ 'influxdb', 'grafana', 'soc', + 'kratos', 'firewall', 'idstools', 'suricata.manager', @@ -178,7 +187,8 @@ 'schedule', 'soctopus', 'tcpreplay', - 'docker_clean' + 'docker_clean', + 'learn' ], 'so-sensor': [ 'ca', @@ -233,11 +243,16 @@ {% do allowed_states.append('elasticsearch') %} {% endif %} - {% if KIBANA and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %} - {% do allowed_states.append('kibana') %} + {% if ELASTICSEARCH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %} + {% do allowed_states.append('elasticsearch.auth') %} {% endif %} - {% if CURATOR and grains.role in ['so-eval', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode'] %} + {% if KIBANA and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %} + {% do allowed_states.append('kibana') %} + {% do allowed_states.append('kibana.secrets') %} + {% endif %} + + {% if grains.role in ['so-eval', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-manager'] %} {% do allowed_states.append('curator') %} {% endif %} @@ -296,4 +311,4 @@ {% endif %} {# all nodes can always run salt.minion state #} -{% do allowed_states.append('salt.minion') %} \ No newline at end of file +{% do allowed_states.append('salt.minion') %} diff --git a/salt/ca/init.sls b/salt/ca/init.sls index 485b01d3e..9c30b5c5e 100644 --- a/salt/ca/init.sls +++ b/salt/ca/init.sls @@ -24,8 +24,9 @@ pki_private_key: - x509: /etc/pki/ca.crt {%- endif %} -/etc/pki/ca.crt: +pki_public_ca_crt: x509.certificate_managed: + - name: /etc/pki/ca.crt - signing_private_key: /etc/pki/ca.key - CN: {{ manager }} - C: US @@ -66,4 +67,4 @@ cakeyperms: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/common/files/log-rotate.conf b/salt/common/files/log-rotate.conf index 061b76271..35c6fd724 100644 --- a/salt/common/files/log-rotate.conf +++ b/salt/common/files/log-rotate.conf @@ -22,6 +22,7 @@ /opt/so/log/salt/so-salt-minion-check /opt/so/log/salt/minion /opt/so/log/salt/master +/opt/so/log/logscan/*.log { {{ logrotate_conf | indent(width=4) }} } diff --git a/salt/common/init.sls b/salt/common/init.sls index c8f1c7f12..17cea3480 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -9,6 +9,11 @@ rmvariablesfile: file.absent: - name: /tmp/variables.txt +dockergroup: + group.present: + - name: docker + - gid: 920 + # Add socore Group socoregroup: group.present: @@ -101,16 +106,24 @@ commonpkgs: - python3-m2crypto - python3-mysqldb - python3-packaging + - python3-lxml - git - vim heldpackages: pkg.installed: - pkgs: + {% if grains['oscodename'] == 'bionic' %} - containerd.io: 1.4.4-1 - docker-ce: 5:20.10.5~3-0~ubuntu-bionic - docker-ce-cli: 5:20.10.5~3-0~ubuntu-bionic - docker-ce-rootless-extras: 5:20.10.5~3-0~ubuntu-bionic + {% elif grains['oscodename'] == 'focal' %} + - containerd.io: 1.4.9-1 + - docker-ce: 5:20.10.8~3-0~ubuntu-focal + - docker-ce-cli: 5:20.10.5~3-0~ubuntu-focal + - docker-ce-rootless-extras: 5:20.10.5~3-0~ubuntu-focal + {% endif %} - hold: True - update_holds: True @@ -136,6 +149,7 @@ commonpkgs: - python36-m2crypto - python36-mysql - python36-packaging + - python36-lxml - yum-utils - device-mapper-persistent-data - lvm2 @@ -326,6 +340,16 @@ dockerreserveports: - name: /etc/sysctl.d/99-reserved-ports.conf {% if salt['grains.get']('sosmodel', '') %} + {% if grains['os'] == 'CentOS' %} +# Install Raid tools +raidpkgs: + pkg.installed: + - skip_suggestions: True + - pkgs: + - securityonion-raidtools + - securityonion-megactl + {% endif %} + # Install raid check cron /usr/sbin/so-raid-status > /dev/null 2>&1: cron.present: diff --git a/salt/common/tools/sbin/so-airgap-hotfixapply b/salt/common/tools/sbin/so-airgap-hotfixapply deleted file mode 100755 index 0149cdf61..000000000 --- a/salt/common/tools/sbin/so-airgap-hotfixapply +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/bash - -# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -. /usr/sbin/so-common - -UPDATE_DIR=/tmp/sohotfixapply - -if [ -z "$1" ]; then - echo "No tarball given. Please provide the filename so I can run the hotfix" - echo "so-airgap-hotfixapply /path/to/sohotfix.tar" - exit 1 -else - if [ ! -f "$1" ]; then - echo "Unable to find $1. Make sure your path is correct and retry." - exit 1 - else - echo "Determining if we need to apply this hotfix" - rm -rf $UPDATE_DIR - mkdir -p $UPDATE_DIR - tar xvf $1 -C $UPDATE_DIR - - # Compare some versions - NEWVERSION=$(cat $UPDATE_DIR/VERSION) - HOTFIXVERSION=$(cat $UPDATE_DIR/HOTFIX) - CURRENTHOTFIX=$(cat /etc/sohotfix) - INSTALLEDVERSION=$(cat /etc/soversion) - - if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then - echo "Checking to see if there are hotfixes needed" - if [ "$HOTFIXVERSION" == "$CURRENTHOTFIX" ]; then - echo "You are already running the latest version of Security Onion." - rm -rf $UPDATE_DIR - exit 1 - else - echo "We need to apply a hotfix" - copy_new_files - echo $HOTFIXVERSION > /etc/sohotfix - salt-call state.highstate -l info queue=True - echo "The Hotfix $HOTFIXVERSION has been applied" - # Clean up - rm -rf $UPDATE_DIR - exit 0 - fi - else - echo "This hotfix is not compatible with your current version. Download the latest ISO and run soup" - rm -rf $UPDATE_DIR - fi - - fi -fi \ No newline at end of file diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow index c3cdc0ea2..769dcc1e9 100755 --- a/salt/common/tools/sbin/so-allow +++ b/salt/common/tools/sbin/so-allow @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env python3 # Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC # @@ -15,152 +15,199 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -. /usr/sbin/so-common +import ipaddress +import textwrap +import os +import subprocess +import sys +import argparse +import re +from lxml import etree as ET +from xml.dom import minidom +from datetime import datetime as dt +from datetime import timezone as tz -local_salt_dir=/opt/so/saltstack/local - -SKIP=0 - -function usage { - -cat << EOF - -Usage: $0 [-abefhoprsw] [ -i IP ] - -This program allows you to add a firewall rule to allow connections from a new IP address or CIDR range. - -If you run this program with no arguments, it will present a menu for you to choose your options. - -If you want to automate and skip the menu, you can pass the desired options as command line arguments. - -EXAMPLES - -To add 10.1.2.3 to the analyst role: -so-allow -a -i 10.1.2.3 - -To add 10.1.2.0/24 to the osquery role: -so-allow -o -i 10.1.2.0/24 - -EOF +LOCAL_SALT_DIR='/opt/so/saltstack/local' +WAZUH_CONF='/nsm/wazuh/etc/ossec.conf' +VALID_ROLES = { + 'a': { 'role': 'analyst','desc': 'Analyst - 80/tcp, 443/tcp' }, + 'b': { 'role': 'beats_endpoint', 'desc': 'Logstash Beat - 5044/tcp' }, + 'e': { 'role': 'elasticsearch_rest', 'desc': 'Elasticsearch REST API - 9200/tcp' }, + 'f': { 'role': 'strelka_frontend', 'desc': 'Strelka frontend - 57314/tcp' }, + 'o': { 'role': 'osquery_endpoint', 'desc': 'Osquery endpoint - 8090/tcp' }, + 's': { 'role': 'syslog', 'desc': 'Syslog device - 514/tcp/udp' }, + 'w': { 'role': 'wazuh_agent', 'desc': 'Wazuh agent - 1514/tcp/udp' }, + 'p': { 'role': 'wazuh_api', 'desc': 'Wazuh API - 55000/tcp' }, + 'r': { 'role': 'wazuh_authd', 'desc': 'Wazuh registration service - 1515/tcp' } } -while getopts "ahfesprbowi:" OPTION -do - case $OPTION in - h) - usage - exit 0 - ;; - a) - FULLROLE="analyst" - SKIP=1 - ;; - b) - FULLROLE="beats_endpoint" - SKIP=1 - ;; - e) - FULLROLE="elasticsearch_rest" - SKIP=1 - ;; - f) - FULLROLE="strelka_frontend" - SKIP=1 - ;; - i) IP=$OPTARG - ;; - o) - FULLROLE="osquery_endpoint" - SKIP=1 - ;; - w) - FULLROLE="wazuh_agent" - SKIP=1 - ;; - s) - FULLROLE="syslog" - SKIP=1 - ;; - p) - FULLROLE="wazuh_api" - SKIP=1 - ;; - r) - FULLROLE="wazuh_authd" - SKIP=1 - ;; - *) - usage - exit 0 - ;; - esac -done -if [ "$SKIP" -eq 0 ]; then +def validate_ip_cidr(ip_cidr: str) -> bool: + try: + ipaddress.ip_address(ip_cidr) + except ValueError: + try: + ipaddress.ip_network(ip_cidr) + except ValueError: + return False + return True - echo "This program allows you to add a firewall rule to allow connections from a new IP address." - echo "" - echo "Choose the role for the IP or Range you would like to add" - echo "" - echo "[a] - Analyst - ports 80/tcp and 443/tcp" - echo "[b] - Logstash Beat - port 5044/tcp" - echo "[e] - Elasticsearch REST API - port 9200/tcp" - echo "[f] - Strelka frontend - port 57314/tcp" - echo "[o] - Osquery endpoint - port 8090/tcp" - echo "[s] - Syslog device - 514/tcp/udp" - echo "[w] - Wazuh agent - port 1514/tcp/udp" - echo "[p] - Wazuh API - port 55000/tcp" - echo "[r] - Wazuh registration service - 1515/tcp" - echo "" - echo "Please enter your selection:" - read -r ROLE - echo "Enter a single ip address or range to allow (example: 10.10.10.10 or 10.10.0.0/16):" - read -r IP - if [ "$ROLE" == "a" ]; then - FULLROLE=analyst - elif [ "$ROLE" == "b" ]; then - FULLROLE=beats_endpoint - elif [ "$ROLE" == "e" ]; then - FULLROLE=elasticsearch_rest - elif [ "$ROLE" == "f" ]; then - FULLROLE=strelka_frontend - elif [ "$ROLE" == "o" ]; then - FULLROLE=osquery_endpoint - elif [ "$ROLE" == "w" ]; then - FULLROLE=wazuh_agent - elif [ "$ROLE" == "s" ]; then - FULLROLE=syslog - elif [ "$ROLE" == "p" ]; then - FULLROLE=wazuh_api - elif [ "$ROLE" == "r" ]; then - FULLROLE=wazuh_authd - else - echo "I don't recognize that role" - exit 1 - fi +def role_prompt() -> str: + print() + print('Choose the role for the IP or Range you would like to allow') + print() + for role in VALID_ROLES: + print(f'[{role}] - {VALID_ROLES[role]["desc"]}') + print() + role = input('Please enter your selection: ') + if role in VALID_ROLES.keys(): + return VALID_ROLES[role]['role'] + else: + print(f'Invalid role \'{role}\', please try again.', file=sys.stderr) + sys.exit(1) + -fi +def ip_prompt() -> str: + ip = input('Enter a single ip address or range to allow (ex: 10.10.10.10 or 10.10.0.0/16): ') + if validate_ip_cidr(ip): + return ip + else: + print(f'Invalid IP address or CIDR block \'{ip}\', please try again.', file=sys.stderr) + sys.exit(1) -echo "Adding $IP to the $FULLROLE role. This can take a few seconds" -/usr/sbin/so-firewall includehost $FULLROLE $IP -salt-call state.apply firewall queue=True -# Check if Wazuh enabled -if grep -q -R "wazuh: 1" $local_salt_dir/pillar/*; then - # If analyst, add to Wazuh AR whitelist - if [ "$FULLROLE" == "analyst" ]; then - WAZUH_MGR_CFG="/nsm/wazuh/etc/ossec.conf" - if ! grep -q "$IP" $WAZUH_MGR_CFG ; then - DATE=$(date) - sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG - sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG - echo -e "\n \n $IP\n \n" >> $WAZUH_MGR_CFG - echo "Added whitelist entry for $IP in $WAZUH_MGR_CFG." - echo - echo "Restarting OSSEC Server..." - /usr/sbin/so-wazuh-restart - fi - fi -fi +def wazuh_enabled() -> bool: + for file in os.listdir(f'{LOCAL_SALT_DIR}/pillar'): + with open(file, 'r') as pillar: + if 'wazuh: 1' in pillar.read(): + return True + return False + + +def root_to_str(root: ET.ElementTree) -> str: + xml_str = ET.tostring(root, encoding='unicode', method='xml').replace('\n', '') + xml_str = re.sub(r'(?:(?<=>) *)', '', xml_str) + xml_str = re.sub(r' -', '', xml_str) + xml_str = re.sub(r' -->', ' -->', xml_str) + dom = minidom.parseString(xml_str) + return dom.toprettyxml(indent=" ") + + +def add_wl(ip): + parser = ET.XMLParser(remove_blank_text=True) + with open(WAZUH_CONF, 'rb') as wazuh_conf: + tree = ET.parse(wazuh_conf, parser) + root = tree.getroot() + + source_comment = ET.Comment(f'Address {ip} added by /usr/sbin/so-allow on {dt.utcnow().replace(tzinfo=tz.utc).strftime("%a %b %e %H:%M:%S %Z %Y")}') + new_global = ET.Element("global") + new_wl = ET.SubElement(new_global, 'white_list') + new_wl.text = ip + + root.append(source_comment) + root.append(new_global) + + with open(WAZUH_CONF, 'w') as add_out: + add_out.write(root_to_str(root)) + + +def apply(role: str, ip: str) -> int: + firewall_cmd = ['so-firewall', 'includehost', role, ip] + salt_cmd = ['salt-call', 'state.apply', '-l', 'quiet', 'firewall', 'queue=True'] + restart_wazuh_cmd = ['so-wazuh-restart'] + print(f'Adding {ip} to the {role} role. This can take a few seconds...') + cmd = subprocess.run(firewall_cmd) + if cmd.returncode == 0: + cmd = subprocess.run(salt_cmd, stdout=subprocess.DEVNULL) + else: + return cmd.returncode + if cmd.returncode == 0: + if wazuh_enabled and role=='analyst': + try: + add_wl(ip) + print(f'Added whitelist entry for {ip} from {WAZUH_CONF}', file=sys.stderr) + except Exception as e: + print(f'Failed to add whitelist entry for {ip} from {WAZUH_CONF}', file=sys.stderr) + print(e) + return 1 + print('Restarting OSSEC Server...') + cmd = subprocess.run(restart_wazuh_cmd) + else: + return cmd.returncode + else: + print(f'Commmand \'{" ".join(salt_cmd)}\' failed.', file=sys.stderr) + return cmd.returncode + if cmd.returncode != 0: + print('Failed to restart OSSEC server.') + return cmd.returncode + + +def main(): + if os.geteuid() != 0: + print('You must run this script as root', file=sys.stderr) + sys.exit(1) + + main_parser = argparse.ArgumentParser( + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=textwrap.dedent(f'''\ + additional information: + To use this script in interactive mode call it with no arguments + ''' + )) + + group = main_parser.add_argument_group(title='roles') + group.add_argument('-a', dest='roles', action='append_const', const=VALID_ROLES['a']['role'], help="Analyst - 80/tcp, 443/tcp") + group.add_argument('-b', dest='roles', action='append_const', const=VALID_ROLES['b']['role'], help="Logstash Beat - 5044/tcp") + group.add_argument('-e', dest='roles', action='append_const', const=VALID_ROLES['e']['role'], help="Elasticsearch REST API - 9200/tcp") + group.add_argument('-f', dest='roles', action='append_const', const=VALID_ROLES['f']['role'], help="Strelka frontend - 57314/tcp") + group.add_argument('-o', dest='roles', action='append_const', const=VALID_ROLES['o']['role'], help="Osquery endpoint - 8090/tcp") + group.add_argument('-s', dest='roles', action='append_const', const=VALID_ROLES['s']['role'], help="Syslog device - 514/tcp/udp") + group.add_argument('-w', dest='roles', action='append_const', const=VALID_ROLES['w']['role'], help="Wazuh agent - 1514/tcp/udp") + group.add_argument('-p', dest='roles', action='append_const', const=VALID_ROLES['p']['role'], help="Wazuh API - 55000/tcp") + group.add_argument('-r', dest='roles', action='append_const', const=VALID_ROLES['r']['role'], help="Wazuh registration service - 1515/tcp") + + ip_g = main_parser.add_argument_group(title='allow') + ip_g.add_argument('-i', help="IP or CIDR block to disallow connections from, requires at least one role argument", metavar='', dest='ip') + + args = main_parser.parse_args(sys.argv[1:]) + + if args.roles is None: + role = role_prompt() + ip = ip_prompt() + try: + return_code = apply(role, ip) + except Exception as e: + print(f'Unexpected exception occurred: {e}', file=sys.stderr) + return_code = e.errno + sys.exit(return_code) + elif args.roles is not None and args.ip is None: + if os.environ.get('IP') is None: + main_parser.print_help() + sys.exit(1) + else: + args.ip = os.environ['IP'] + + if validate_ip_cidr(args.ip): + try: + for role in args.roles: + return_code = apply(role, args.ip) + if return_code > 0: + break + except Exception as e: + print(f'Unexpected exception occurred: {e}', file=sys.stderr) + return_code = e.errno + else: + print(f'Invalid IP address or CIDR block \'{args.ip}\', please try again.', file=sys.stderr) + return_code = 1 + + sys.exit(return_code) + + +if __name__ == '__main__': + try: + main() + except KeyboardInterrupt: + sys.exit(1) + diff --git a/salt/common/tools/sbin/so-checkin b/salt/common/tools/sbin/so-checkin index c70701b71..4f0583906 100755 --- a/salt/common/tools/sbin/so-checkin +++ b/salt/common/tools/sbin/so-checkin @@ -17,4 +17,4 @@ . /usr/sbin/so-common -salt-call state.highstate -linfo +salt-call state.highstate -l info diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index c4f6aca30..86f883a43 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -99,6 +99,15 @@ check_password() { return $? } +check_password_and_exit() { + local password=$1 + if ! check_password "$password"; then + echo "Password is invalid. Do not include single quotes, double quotes, dollar signs, and backslashes in the password." + exit 2 + fi + return 0 +} + check_elastic_license() { [ -n "$TESTING" ] && return @@ -372,18 +381,29 @@ set_version() { fi } +has_uppercase() { + local string=$1 + + echo "$string" | grep -qP '[A-Z]' \ + && return 0 \ + || return 1 +} + valid_cidr() { # Verify there is a backslash in the string echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1 - - local cidr - local ip - cidr=$(echo "$1" | sed 's/.*\///') - ip=$(echo "$1" | sed 's/\/.*//' ) + valid_ip4_cidr_mask "$1" && return 0 || return 1 + + local cidr="$1" + local ip + ip=$(echo "$cidr" | sed 's/\/.*//' ) if valid_ip4 "$ip"; then - [[ $cidr =~ ([0-9]|[1-2][0-9]|3[0-2]) ]] && return 0 || return 1 + local ip1 ip2 ip3 ip4 N + IFS="./" read -r ip1 ip2 ip3 ip4 N <<< "$cidr" + ip_total=$((ip1 * 256 ** 3 + ip2 * 256 ** 2 + ip3 * 256 + ip4)) + [[ $((ip_total % 2**(32-N))) == 0 ]] && return 0 || return 1 else return 1 fi @@ -433,6 +453,23 @@ valid_ip4() { echo "$ip" | grep -qP '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$' && return 0 || return 1 } +valid_ip4_cidr_mask() { + # Verify there is a backslash in the string + echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1 + + local cidr + local ip + + cidr=$(echo "$1" | sed 's/.*\///') + ip=$(echo "$1" | sed 's/\/.*//' ) + + if valid_ip4 "$ip"; then + [[ $cidr =~ ^([0-9]|[1-2][0-9]|3[0-2])$ ]] && return 0 || return 1 + else + return 1 + fi +} + valid_int() { local num=$1 local min=${2:-1} diff --git a/salt/common/tools/sbin/so-deny b/salt/common/tools/sbin/so-deny new file mode 100755 index 000000000..c13ea3f32 --- /dev/null +++ b/salt/common/tools/sbin/so-deny @@ -0,0 +1,213 @@ +#!/usr/bin/env python3 + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import ipaddress +import textwrap +import os +import subprocess +import sys +import argparse +import re +from lxml import etree as ET +from xml.dom import minidom + + +LOCAL_SALT_DIR='/opt/so/saltstack/local' +WAZUH_CONF='/nsm/wazuh/etc/ossec.conf' +VALID_ROLES = { + 'a': { 'role': 'analyst','desc': 'Analyst - 80/tcp, 443/tcp' }, + 'b': { 'role': 'beats_endpoint', 'desc': 'Logstash Beat - 5044/tcp' }, + 'e': { 'role': 'elasticsearch_rest', 'desc': 'Elasticsearch REST API - 9200/tcp' }, + 'f': { 'role': 'strelka_frontend', 'desc': 'Strelka frontend - 57314/tcp' }, + 'o': { 'role': 'osquery_endpoint', 'desc': 'Osquery endpoint - 8090/tcp' }, + 's': { 'role': 'syslog', 'desc': 'Syslog device - 514/tcp/udp' }, + 'w': { 'role': 'wazuh_agent', 'desc': 'Wazuh agent - 1514/tcp/udp' }, + 'p': { 'role': 'wazuh_api', 'desc': 'Wazuh API - 55000/tcp' }, + 'r': { 'role': 'wazuh_authd', 'desc': 'Wazuh registration service - 1515/tcp' } +} + + +def validate_ip_cidr(ip_cidr: str) -> bool: + try: + ipaddress.ip_address(ip_cidr) + except ValueError: + try: + ipaddress.ip_network(ip_cidr) + except ValueError: + return False + return True + + +def role_prompt() -> str: + print() + print('Choose the role for the IP or Range you would like to deny') + print() + for role in VALID_ROLES: + print(f'[{role}] - {VALID_ROLES[role]["desc"]}') + print() + role = input('Please enter your selection: ') + if role in VALID_ROLES.keys(): + return VALID_ROLES[role]['role'] + else: + print(f'Invalid role \'{role}\', please try again.', file=sys.stderr) + sys.exit(1) + + +def ip_prompt() -> str: + ip = input('Enter a single ip address or range to deny (ex: 10.10.10.10 or 10.10.0.0/16): ') + if validate_ip_cidr(ip): + return ip + else: + print(f'Invalid IP address or CIDR block \'{ip}\', please try again.', file=sys.stderr) + sys.exit(1) + + +def wazuh_enabled() -> bool: + for file in os.listdir(f'{LOCAL_SALT_DIR}/pillar'): + with open(file, 'r') as pillar: + if 'wazuh: 1' in pillar.read(): + return True + return False + + +def root_to_str(root: ET.ElementTree) -> str: + xml_str = ET.tostring(root, encoding='unicode', method='xml').replace('\n', '') + xml_str = re.sub(r'(?:(?<=>) *)', '', xml_str) + + # Remove specific substrings to better format comments on intial parse/write + xml_str = re.sub(r' -', '', xml_str) + xml_str = re.sub(r' -->', ' -->', xml_str) + + dom = minidom.parseString(xml_str) + return dom.toprettyxml(indent=" ") + + +def rem_wl(ip): + parser = ET.XMLParser(remove_blank_text=True) + with open(WAZUH_CONF, 'rb') as wazuh_conf: + tree = ET.parse(wazuh_conf, parser) + root = tree.getroot() + + global_elems = root.findall(f"global/white_list[. = '{ip}']/..") + if len(global_elems) > 0: + for g_elem in global_elems: + ge_index = list(root).index(g_elem) + if ge_index > 0 and root[list(root).index(g_elem) - 1].tag == ET.Comment: + root.remove(root[ge_index - 1]) + root.remove(g_elem) + + with open(WAZUH_CONF, 'w') as out: + out.write(root_to_str(root)) + + +def apply(role: str, ip: str) -> int: + firewall_cmd = ['so-firewall', 'excludehost', role, ip] + salt_cmd = ['salt-call', 'state.apply', '-l', 'quiet', 'firewall', 'queue=True'] + restart_wazuh_cmd = ['so-wazuh-restart'] + print(f'Removing {ip} from the {role} role. This can take a few seconds...') + cmd = subprocess.run(firewall_cmd) + if cmd.returncode == 0: + cmd = subprocess.run(salt_cmd, stdout=subprocess.DEVNULL) + else: + return cmd.returncode + if cmd.returncode == 0: + if wazuh_enabled and role=='analyst': + try: + rem_wl(ip) + print(f'Removed whitelist entry for {ip} from {WAZUH_CONF}', file=sys.stderr) + except Exception as e: + print(f'Failed to remove whitelist entry for {ip} from {WAZUH_CONF}', file=sys.stderr) + print(e) + return 1 + print('Restarting OSSEC Server...') + cmd = subprocess.run(restart_wazuh_cmd) + else: + return cmd.returncode + else: + print(f'Commmand \'{" ".join(salt_cmd)}\' failed.', file=sys.stderr) + return cmd.returncode + if cmd.returncode != 0: + print('Failed to restart OSSEC server.') + return cmd.returncode + + +def main(): + if os.geteuid() != 0: + print('You must run this script as root', file=sys.stderr) + sys.exit(1) + + main_parser = argparse.ArgumentParser( + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=textwrap.dedent(f'''\ + additional information: + To use this script in interactive mode call it with no arguments + ''' + )) + + group = main_parser.add_argument_group(title='roles') + group.add_argument('-a', dest='roles', action='append_const', const=VALID_ROLES['a']['role'], help="Analyst - 80/tcp, 443/tcp") + group.add_argument('-b', dest='roles', action='append_const', const=VALID_ROLES['b']['role'], help="Logstash Beat - 5044/tcp") + group.add_argument('-e', dest='roles', action='append_const', const=VALID_ROLES['e']['role'], help="Elasticsearch REST API - 9200/tcp") + group.add_argument('-f', dest='roles', action='append_const', const=VALID_ROLES['f']['role'], help="Strelka frontend - 57314/tcp") + group.add_argument('-o', dest='roles', action='append_const', const=VALID_ROLES['o']['role'], help="Osquery endpoint - 8090/tcp") + group.add_argument('-s', dest='roles', action='append_const', const=VALID_ROLES['s']['role'], help="Syslog device - 514/tcp/udp") + group.add_argument('-w', dest='roles', action='append_const', const=VALID_ROLES['w']['role'], help="Wazuh agent - 1514/tcp/udp") + group.add_argument('-p', dest='roles', action='append_const', const=VALID_ROLES['p']['role'], help="Wazuh API - 55000/tcp") + group.add_argument('-r', dest='roles', action='append_const', const=VALID_ROLES['r']['role'], help="Wazuh registration service - 1515/tcp") + + ip_g = main_parser.add_argument_group(title='allow') + ip_g.add_argument('-i', help="IP or CIDR block to disallow connections from, requires at least one role argument", metavar='', dest='ip') + + args = main_parser.parse_args(sys.argv[1:]) + + if args.roles is None: + role = role_prompt() + ip = ip_prompt() + try: + return_code = apply(role, ip) + except Exception as e: + print(f'Unexpected exception occurred: {e}', file=sys.stderr) + return_code = e.errno + sys.exit(return_code) + elif args.roles is not None and args.ip is None: + if os.environ.get('IP') is None: + main_parser.print_help() + sys.exit(1) + else: + args.ip = os.environ['IP'] + + if validate_ip_cidr(args.ip): + try: + for role in args.roles: + return_code = apply(role, args.ip) + if return_code > 0: + break + except Exception as e: + print(f'Unexpected exception occurred: {e}', file=sys.stderr) + return_code = e.errno + else: + print(f'Invalid IP address or CIDR block \'{args.ip}\', please try again.', file=sys.stderr) + return_code = 1 + + sys.exit(return_code) + + +if __name__ == '__main__': + try: + main() + except KeyboardInterrupt: + sys.exit(1) diff --git a/salt/common/tools/sbin/so-elastalert-test b/salt/common/tools/sbin/so-elastalert-test index 51d00e6fa..2d3106ab6 100755 --- a/salt/common/tools/sbin/so-elastalert-test +++ b/salt/common/tools/sbin/so-elastalert-test @@ -70,7 +70,7 @@ do done docker_exec(){ - CMD="docker exec -it so-elastalert elastalert-test-rule /opt/elastalert/rules/$RULE_NAME --config /opt/config/elastalert_config.yaml $OPTIONS" + CMD="docker exec -it so-elastalert elastalert-test-rule /opt/elastalert/rules/$RULE_NAME --config /opt/elastalert/config.yaml $OPTIONS" if [ "${RESULTS_TO_LOG,,}" = "y" ] ; then $CMD > "$FILE_SAVE_LOCATION" else diff --git a/salt/common/tools/sbin/so-elastic-auth-password-reset b/salt/common/tools/sbin/so-elastic-auth-password-reset new file mode 100644 index 000000000..f7456e5e6 --- /dev/null +++ b/salt/common/tools/sbin/so-elastic-auth-password-reset @@ -0,0 +1,155 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +source $(dirname $0)/so-common +require_manager + +user=$1 +elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users} +elasticAuthPillarFile=${ELASTIC_AUTH_PILLAR_FILE:-/opt/so/saltstack/local/pillar/elasticsearch/auth.sls} + +if [[ $# -ne 1 ]]; then + echo "Usage: $0 " + echo "" + echo " where is one of the following:" + echo "" + echo " all: Reset the password for the so_elastic, so_kibana, so_logstash, so_beats, and so_monitor users" + echo " so_elastic: Reset the password for the so_elastic user" + echo " so_kibana: Reset the password for the so_kibana user" + echo " so_logstash: Reset the password for the so_logstash user" + echo " so_beats: Reset the password for the so_beats user" + echo " so_monitor: Reset the password for the so_monitor user" + echo "" + exit 1 +fi + +# function to create a lock so that the so-user sync cronjob can't run while this is running +function lock() { + # Obtain file descriptor lock + exec 99>/var/tmp/so-user.lock || fail "Unable to create lock descriptor; if the system was not shutdown gracefully you may need to remove /var/tmp/so-user.lock manually." + flock -w 10 99 || fail "Another process is using so-user; if the system was not shutdown gracefully you may need to remove /var/tmp/so-user.lock manually." + trap 'rm -f /var/tmp/so-user.lock' EXIT +} + +function unlock() { + rm -f /var/tmp/so-user.lock +} + +function fail() { + msg=$1 + echo "$1" + exit 1 +} + +function removeSingleUserPass() { + local user=$1 + sed -i '/user: '"${user}"'/{N;/pass: /d}' "${elasticAuthPillarFile}" +} + +function removeAllUserPass() { + local userList=("so_elastic" "so_kibana" "so_logstash" "so_beats" "so_monitor") + + for u in ${userList[@]}; do + removeSingleUserPass "$u" + done +} + +function removeElasticUsersFile() { + rm -f "$elasticUsersFile" +} + +function createElasticAuthPillar() { + salt-call state.apply elasticsearch.auth queue=True +} + +# this will disable highstate to prevent a highstate from starting while the script is running +# will also disable salt.minion-state-apply-test allow so-salt-minion-check cronjob to restart salt-minion service incase +function disableSaltStates() { + printf "\nDisabling salt.minion-state-apply-test and highstate from running.\n\n" + salt-call state.disable salt.minion-state-apply-test + salt-call state.disable highstate +} + +function enableSaltStates() { + printf "\nEnabling salt.minion-state-apply-test and highstate.\n\n" + salt-call state.enable salt.minion-state-apply-test + salt-call state.enable highstate +} + +function killAllSaltJobs() { + printf "\nKilling all running salt jobs.\n\n" + salt-call saltutil.kill_all_jobs +} + +function soUserSync() { + # apply this state to update /opt/so/saltstack/local/salt/elasticsearch/curl.config on the manager + salt-call state.sls_id elastic_curl_config_distributed manager queue=True + salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' saltutil.kill_all_jobs + # apply this state to get the curl.config + salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' state.sls_id elastic_curl_config common queue=True + $(dirname $0)/so-user sync + printf "\nApplying logstash state to the appropriate nodes.\n\n" + salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' state.apply logstash queue=True + printf "\nApplying filebeat state to the appropriate nodes.\n\n" + salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode or G@role:so-sensor or G@role:so-fleet' state.apply filebeat queue=True + printf "\nApplying kibana state to the appropriate nodes.\n\n" + salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch' state.apply kibana queue=True + printf "\nApplying curator state to the appropriate nodes.\n\n" + salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' state.apply curator queue=True +} + +function highstateManager() { + killAllSaltJobs + printf "\nRunning highstate on the manager to finalize password reset.\n\n" + salt-call state.highstate -linfo queue=True +} + +case "${user}" in + + so_elastic | so_kibana | so_logstash | so_beats | so_monitor) + lock + killAllSaltJobs + disableSaltStates + removeSingleUserPass "$user" + createElasticAuthPillar + removeElasticUsersFile + unlock + soUserSync + enableSaltStates + highstateManager + ;; + + all) + lock + killAllSaltJobs + disableSaltStates + removeAllUserPass + createElasticAuthPillar + removeElasticUsersFile + unlock + soUserSync + enableSaltStates + highstateManager + ;; + + *) + fail "Unsupported user: $user" + ;; + +esac + +exit 0 diff --git a/salt/common/tools/sbin/so-elasticsearch-roles-load b/salt/common/tools/sbin/so-elasticsearch-roles-load new file mode 100755 index 000000000..d094163ee --- /dev/null +++ b/salt/common/tools/sbin/so-elasticsearch-roles-load @@ -0,0 +1,57 @@ +#!/bin/bash +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +{%- set mainint = salt['pillar.get']('host:mainint') %} +{%- set MYIP = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %} + +default_conf_dir=/opt/so/conf +ELASTICSEARCH_HOST="{{ MYIP }}" +ELASTICSEARCH_PORT=9200 + +# Define a default directory to load roles from +ELASTICSEARCH_ROLES="$default_conf_dir/elasticsearch/roles/" + +# Wait for ElasticSearch to initialize +echo -n "Waiting for ElasticSearch..." +COUNT=0 +ELASTICSEARCH_CONNECTED="no" +while [[ "$COUNT" -le 240 ]]; do + {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" + if [ $? -eq 0 ]; then + ELASTICSEARCH_CONNECTED="yes" + echo "connected!" + break + else + ((COUNT+=1)) + sleep 1 + echo -n "." + fi +done +if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then + echo + echo -e "Connection attempt timed out. Unable to connect to ElasticSearch. \nPlease try: \n -checking log(s) in /var/log/elasticsearch/\n -running 'sudo docker ps' \n -running 'sudo so-elastic-restart'" + echo +fi + +cd ${ELASTICSEARCH_ROLES} + +echo "Loading templates..." +for role in *; do + name=$(echo "$role" | cut -d. -f1) + so-elasticsearch-query _security/role/$name -XPUT -d @"$role" +done + +cd - >/dev/null diff --git a/salt/common/tools/sbin/so-filebeat-module-setup b/salt/common/tools/sbin/so-filebeat-module-setup index 401f54289..14a3ebed2 100755 --- a/salt/common/tools/sbin/so-filebeat-module-setup +++ b/salt/common/tools/sbin/so-filebeat-module-setup @@ -54,7 +54,7 @@ PIPELINES=$({{ ELASTICCURL }} -sk https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_ if [[ "$PIPELINES" -lt 5 ]]; then echo "Setting up ingest pipeline(s)" - for MODULE in activemq apache auditd aws azure barracuda bluecoat cef checkpoint cisco coredns crowdstrike cyberark cylance elasticsearch envoyproxy f5 fortinet gcp google_workspace googlecloud gsuite haproxy ibmmq icinga iis imperva infoblox iptables juniper kafka kibana logstash microsoft misp mongodb mssql mysql nats netscout nginx o365 okta osquery panw postgresql rabbitmq radware redis santa snort snyk sonicwall sophos squid suricata system tomcat traefik zeek zscaler + for MODULE in activemq apache auditd aws azure barracuda bluecoat cef checkpoint cisco coredns crowdstrike cyberark cylance elasticsearch envoyproxy f5 fortinet gcp google_workspace googlecloud gsuite haproxy ibmmq icinga iis imperva infoblox iptables juniper kafka kibana logstash microsoft mongodb mssql mysql nats netscout nginx o365 okta osquery panw postgresql rabbitmq radware redis santa snort snyk sonicwall sophos squid suricata system threatintel tomcat traefik zeek zscaler do echo "Loading $MODULE" docker exec -i so-filebeat filebeat setup modules -pipelines -modules $MODULE -c $FB_MODULE_YML diff --git a/salt/common/tools/sbin/so-firewall b/salt/common/tools/sbin/so-firewall index 86387fc24..9c16ffb15 100755 --- a/salt/common/tools/sbin/so-firewall +++ b/salt/common/tools/sbin/so-firewall @@ -35,6 +35,7 @@ def showUsage(options, args): print('') print(' General commands:') print(' help - Prints this usage information.') + print(' apply - Apply the firewall state.') print('') print(' Host commands:') print(' listhostgroups - Lists the known host groups.') @@ -66,11 +67,11 @@ def checkDefaultPortsOption(options): def checkApplyOption(options): if "--apply" in options: - return apply() + return apply(None, None) def loadYaml(filename): file = open(filename, "r") - return yaml.load(file.read()) + return yaml.safe_load(file.read()) def writeYaml(filename, content): file = open(filename, "w") @@ -328,7 +329,7 @@ def removehost(options, args): code = checkApplyOption(options) return code -def apply(): +def apply(options, args): proc = subprocess.run(['salt-call', 'state.apply', 'firewall', 'queue=True']) return proc.returncode @@ -356,7 +357,8 @@ def main(): "addport": addport, "removeport": removeport, "addhostgroup": addhostgroup, - "addportgroup": addportgroup + "addportgroup": addportgroup, + "apply": apply } code=1 diff --git a/salt/common/tools/sbin/so-fleet-setup b/salt/common/tools/sbin/so-fleet-setup index a3aa013a2..d3ea4dca3 100755 --- a/salt/common/tools/sbin/so-fleet-setup +++ b/salt/common/tools/sbin/so-fleet-setup @@ -2,11 +2,16 @@ #so-fleet-setup $FleetEmail $FleetPassword +. /usr/sbin/so-common + if [[ $# -ne 2 ]] ; then echo "Username or Password was not set - exiting now." exit 1 fi +USER_EMAIL=$1 +USER_PW=$2 + # Checking to see if required containers are started... if [ ! "$(docker ps -q -f name=so-fleet)" ]; then echo "Starting Docker Containers..." @@ -17,8 +22,16 @@ fi docker exec so-fleet fleetctl config set --address https://127.0.0.1:8080 --tls-skip-verify --url-prefix /fleet docker exec so-fleet bash -c 'while [[ "$(curl -s -o /dev/null --insecure -w ''%{http_code}'' https://127.0.0.1:8080/fleet)" != "301" ]]; do sleep 5; done' -docker exec so-fleet fleetctl setup --email $1 --password $2 +# Create Security Onion Fleet Service Account + Setup Fleet +FLEET_SA_EMAIL=$(lookup_pillar_secret fleet_sa_email) +FLEET_SA_PW=$(lookup_pillar_secret fleet_sa_password) +docker exec so-fleet fleetctl setup --email $FLEET_SA_EMAIL --password $FLEET_SA_PW --name SO_ServiceAccount --org-name SO + +# Create User Account +echo "$USER_PW" | so-fleet-user-add "$USER_EMAIL" + +# Import Packs & Configs docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml docker exec so-fleet fleetctl apply -f /packs/so/so-default.yml diff --git a/salt/common/tools/sbin/so-fleet-user-add b/salt/common/tools/sbin/so-fleet-user-add index e905424a9..d31ec95c3 100755 --- a/salt/common/tools/sbin/so-fleet-user-add +++ b/salt/common/tools/sbin/so-fleet-user-add @@ -18,7 +18,7 @@ . /usr/sbin/so-common usage() { - echo "Usage: $0 " + echo "Usage: $0 " echo "" echo "Adds a new user to Fleet. The new password will be read from STDIN." exit 1 @@ -28,37 +28,42 @@ if [ $# -ne 1 ]; then usage fi -USER=$1 -MYSQL_PASS=$(lookup_pillar_secret mysql) -FLEET_IP=$(lookup_pillar fleet_ip) -FLEET_USER=$USER +USER_EMAIL=$1 +FLEET_SA_EMAIL=$(lookup_pillar_secret fleet_sa_email) +FLEET_SA_PW=$(lookup_pillar_secret fleet_sa_password) +MYSQL_PW=$(lookup_pillar_secret mysql) # Read password for new user from stdin test -t 0 if [[ $? == 0 ]]; then echo "Enter new password:" fi -read -rs FLEET_PASS +read -rs USER_PASS -if ! check_password "$FLEET_PASS"; then - echo "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." - exit 2 -fi +check_password_and_exit "$USER_PASS" + +# Config fleetctl & login with the SO Service Account +CONFIG_OUTPUT=$(docker exec so-fleet fleetctl config set --address https://127.0.0.1:8080 --tls-skip-verify --url-prefix /fleet 2>&1 ) +SALOGIN_OUTPUT=$(docker exec so-fleet fleetctl login --email $FLEET_SA_EMAIL --password $FLEET_SA_PW 2>&1) -FLEET_HASH=$(docker exec so-soctopus python -c "import bcrypt; print(bcrypt.hashpw('$FLEET_PASS'.encode('utf-8'), bcrypt.gensalt()).decode('utf-8'));" 2>&1) if [[ $? -ne 0 ]]; then - echo "Failed to generate Fleet password hash" - exit 2 + echo "Unable to add user to Fleet; Fleet Service account login failed" + echo "$SALOGIN_OUTPUT" + exit 2 fi -MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PASS fleet -e \ - "INSERT INTO users (password,salt,username,email,admin,enabled) VALUES ('$FLEET_HASH','','$FLEET_USER','$FLEET_USER',1,1)" 2>&1) +# Create New User +CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $USER_PASS --global-role admin 2>&1) if [[ $? -eq 0 ]]; then echo "Successfully added user to Fleet" else echo "Unable to add user to Fleet; user might already exist" - echo "$MYSQL_OUTPUT" + echo "$CREATE_OUTPUT" exit 2 -fi \ No newline at end of file +fi + +# Disable forced password reset +MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PW fleet -e \ +"UPDATE users SET admin_forced_password_reset = 0 WHERE email = '$USER_EMAIL'" 2>&1) \ No newline at end of file diff --git a/salt/common/tools/sbin/so-fleet-user-delete b/salt/common/tools/sbin/so-fleet-user-delete new file mode 100644 index 000000000..3d07e2aa5 --- /dev/null +++ b/salt/common/tools/sbin/so-fleet-user-delete @@ -0,0 +1,56 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +usage() { + echo "Usage: $0 " + echo "" + echo "Deletes a user in Fleet" + exit 1 +} + +if [ $# -ne 1 ]; then + usage +fi + +USER_EMAIL=$1 +FLEET_SA_EMAIL=$(lookup_pillar_secret fleet_sa_email) +FLEET_SA_PW=$(lookup_pillar_secret fleet_sa_password) + +# Config fleetctl & login with the SO Service Account +CONFIG_OUTPUT=$(docker exec so-fleet fleetctl config set --address https://127.0.0.1:8080 --tls-skip-verify --url-prefix /fleet 2>&1 ) +SALOGIN_OUTPUT=$(docker exec so-fleet fleetctl login --email $FLEET_SA_EMAIL --password $FLEET_SA_PW 2>&1) + +if [[ $? -ne 0 ]]; then + echo "Unable to delete user from Fleet; Fleet Service account login failed" + echo "$SALOGIN_OUTPUT" + exit 2 +fi + +# Delete User +DELETE_OUTPUT=$(docker exec so-fleet fleetctl user delete --email $USER_EMAIL 2>&1) + +if [[ $? -eq 0 ]]; then + echo "Successfully deleted user from Fleet" +else + echo "Unable to delete user from Fleet" + echo "$DELETE_OUTPUT" + exit 2 +fi + + diff --git a/salt/common/tools/sbin/so-fleet-user-update b/salt/common/tools/sbin/so-fleet-user-update new file mode 100755 index 000000000..b9b0536df --- /dev/null +++ b/salt/common/tools/sbin/so-fleet-user-update @@ -0,0 +1,75 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +usage() { + echo "Usage: $0 " + echo "" + echo "Update password for an existing Fleet user. The new password will be read from STDIN." + exit 1 +} + +if [ $# -ne 1 ]; then + usage +fi + +USER=$1 + +MYSQL_PASS=$(lookup_pillar_secret mysql) +FLEET_IP=$(lookup_pillar fleet_ip) +FLEET_USER=$USER + +# test existence of user +MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PASS fleet -e \ + "SELECT count(1) FROM users WHERE email='$FLEET_USER'" 2>/dev/null | tail -1) +if [[ $? -ne 0 ]] || [[ $MYSQL_OUTPUT -ne 1 ]] ; then + echo "Test for email [${FLEET_USER}] failed" + echo " expect 1 hit in users database, return $MYSQL_OUTPUT hit(s)." + echo "Unable to update Fleet user password." + exit 2 +fi + +# Read password for new user from stdin +test -t 0 +if [[ $? == 0 ]]; then + echo "Enter new password:" +fi +read -rs FLEET_PASS + +if ! check_password "$FLEET_PASS"; then + echo "Password is invalid. Please exclude single quotes, double quotes, dollar signs, and backslashes from the password." + exit 2 +fi + +FLEET_HASH=$(docker exec so-soctopus python -c "import bcrypt; print(bcrypt.hashpw('$FLEET_PASS'.encode('utf-8'), bcrypt.gensalt()).decode('utf-8'));" 2>&1) +if [[ $? -ne 0 ]]; then + echo "Failed to generate Fleet password hash" + exit 2 +fi + + +MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PASS fleet -e \ + "UPDATE users SET password='$FLEET_HASH', salt='' where email='$FLEET_USER'" 2>&1) + +if [[ $? -eq 0 ]]; then + echo "Successfully updated Fleet user password" +else + echo "Unable to update Fleet user password" + echo "$MYSQL_OUTPUT" + exit 2 +fi diff --git a/salt/common/tools/sbin/so-grafana-dashboard-folder-delete b/salt/common/tools/sbin/so-grafana-dashboard-folder-delete new file mode 100755 index 000000000..f3338de84 --- /dev/null +++ b/salt/common/tools/sbin/so-grafana-dashboard-folder-delete @@ -0,0 +1,17 @@ +# this script is used to delete the default Grafana dashboard folders that existed prior to Grafana dashboard and Salt management changes in 2.3.70 + +folders=$(curl -X GET http://admin:{{salt['pillar.get']('secrets:grafana_admin')}}@localhost:3000/api/folders | jq -r '.[] | @base64') +delfolder=("Manager" "Manager Search" "Sensor Nodes" "Search Nodes" "Standalone" "Eval Mode") + +for row in $folders; do + title=$(echo ${row} | base64 --decode | jq -r '.title') + uid=$(echo ${row} | base64 --decode | jq -r '.uid') + + if [[ " ${delfolder[@]} " =~ " ${title} " ]]; then + curl -X DELETE http://admin:{{salt['pillar.get']('secrets:grafana_admin')}}@localhost:3000/api/folders/$uid + fi +done + +echo "so-grafana-dashboard-folder-delete has been run to delete default Grafana dashboard folders that existed prior to 2.3.70" > /opt/so/state/so-grafana-dashboard-folder-delete-complete + +exit 0 diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 9b6e2174a..0b0f89698 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -17,6 +17,7 @@ # NOTE: This script depends on so-common IMAGEREPO=security-onion-solutions +STATUS_CONF='/opt/so/conf/so-status/so-status.conf' # shellcheck disable=SC2120 container_list() { @@ -137,6 +138,11 @@ update_docker_containers() { if [[ $result -eq 0 ]]; then cat $SIGNPATH/KEYS | gpg --import - >> "$LOG_FILE" 2>&1 fi + + # If downloading for soup, check if any optional images need to be pulled + if [[ $CURLTYPE == 'soup' ]]; then + grep -q "so-logscan" "$STATUS_CONF" && TRUSTED_CONTAINERS+=("so-logscan") + fi # Download the containers from the interwebs for i in "${TRUSTED_CONTAINERS[@]}" diff --git a/salt/common/tools/sbin/so-image-pull b/salt/common/tools/sbin/so-image-pull new file mode 100755 index 000000000..cf312acec --- /dev/null +++ b/salt/common/tools/sbin/so-image-pull @@ -0,0 +1,58 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common +. /usr/sbin/so-image-common + +usage() { + read -r -d '' message <<- EOM + usage: so-image-pull [-h] IMAGE [IMAGE ...] + + positional arguments: + IMAGE One or more 'so-' prefixed images to download and verify. + + optional arguments: + -h, --help Show this help message and exit. + EOM + echo "$message" + exit 1 +} + +for arg; do + shift + [[ "$arg" = "--quiet" || "$arg" = "-q" ]] && quiet=true && continue + set -- "$@" "$arg" +done + +if [[ $# -eq 0 || $# -gt 1 ]] || [[ $1 == '-h' || $1 == '--help' ]]; then + usage +fi + +TRUSTED_CONTAINERS=("$@") +set_version + +for image in "${TRUSTED_CONTAINERS[@]}"; do + if ! docker images | grep "$image" | grep ":5000" | grep -q "$VERSION"; then + if [[ $quiet == true ]]; then + update_docker_containers "$image" "" "" "/dev/null" + else + update_docker_containers "$image" "" "" "" + fi + else + echo "$image:$VERSION image exists." + fi +done diff --git a/salt/common/tools/sbin/so-import-evtx b/salt/common/tools/sbin/so-import-evtx new file mode 100755 index 000000000..83815eecd --- /dev/null +++ b/salt/common/tools/sbin/so-import-evtx @@ -0,0 +1,176 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +{%- set MANAGER = salt['grains.get']('master') %} +{%- set VERSION = salt['pillar.get']('global:soversion') %} +{%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} +{%- set MANAGERIP = salt['pillar.get']('global:managerip') -%} +{%- set URLBASE = salt['pillar.get']('global:url_base') %} +{% set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{% set ES_PW = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} + +INDEX_DATE=$(date +'%Y.%m.%d') +RUNID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1) +LOG_FILE=/nsm/import/evtx-import.log + +. /usr/sbin/so-common + +function usage { + cat << EOF +Usage: $0 [evtx-file-2] [evtx-file-*] + +Imports one or more evtx files into Security Onion. The evtx files will be analyzed and made available for review in the Security Onion toolset. +EOF +} + + +function evtx2es() { + EVTX=$1 + HASH=$2 + + ES_PW=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch") + ES_USER=$(lookup_pillar "auth:users:so_elastic_user:user" "elasticsearch") + + docker run --rm \ + -v "$EVTX:/tmp/$RUNID.evtx" \ + --entrypoint evtx2es \ + {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} \ + --host {{ MANAGERIP }} --scheme https \ + --index so-beats-$INDEX_DATE --pipeline import.wel \ + --login $ES_USER --pwd $ES_PW \ + "/tmp/$RUNID.evtx" >> $LOG_FILE 2>&1 + + docker run --rm \ + -v "$EVTX:/tmp/import.evtx" \ + -v "/nsm/import/evtx-end_newest:/tmp/newest" \ + -v "/nsm/import/evtx-start_oldest:/tmp/oldest" \ + --entrypoint '/evtx_calc_timestamps.sh' \ + {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} +} + +# if no parameters supplied, display usage +if [ $# -eq 0 ]; then + usage + exit 1 +fi + +# ensure this is a Manager node +require_manager + +# verify that all parameters are files +for i in "$@"; do + if ! [ -f "$i" ]; then + usage + echo "\"$i\" is not a valid file!" + exit 2 + fi +done + +# track if we have any valid or invalid evtx +INVALID_EVTXS="no" +VALID_EVTXS="no" + +# track oldest start and newest end so that we can generate the Kibana search hyperlink at the end +START_OLDEST="2050-12-31" +END_NEWEST="1971-01-01" + +touch /nsm/import/evtx-start_oldest +touch /nsm/import/evtx-end_newest + +echo $START_OLDEST > /nsm/import/evtx-start_oldest +echo $END_NEWEST > /nsm/import/evtx-end_newest + +# paths must be quoted in case they include spaces +for EVTX in "$@"; do + EVTX=$(/usr/bin/realpath "$EVTX") + echo "Processing Import: ${EVTX}" + + # generate a unique hash to assist with dedupe checks + HASH=$(md5sum "${EVTX}" | awk '{ print $1 }') + HASH_DIR=/nsm/import/${HASH} + echo "- assigning unique identifier to import: $HASH" + + if [ -d $HASH_DIR ]; then + echo "- this EVTX has already been imported; skipping" + INVALID_EVTXS="yes" + else + VALID_EVTXS="yes" + + EVTX_DIR=$HASH_DIR/evtx + mkdir -p $EVTX_DIR + + # import evtx and write them to import ingest pipeline + echo "- importing logs to Elasticsearch..." + evtx2es "${EVTX}" $HASH + + # compare $START to $START_OLDEST + START=$(cat /nsm/import/evtx-start_oldest) + START_COMPARE=$(date -d $START +%s) + START_OLDEST_COMPARE=$(date -d $START_OLDEST +%s) + if [ $START_COMPARE -lt $START_OLDEST_COMPARE ]; then + START_OLDEST=$START + fi + + # compare $ENDNEXT to $END_NEWEST + END=$(cat /nsm/import/evtx-end_newest) + ENDNEXT=`date +%Y-%m-%d --date="$END 1 day"` + ENDNEXT_COMPARE=$(date -d $ENDNEXT +%s) + END_NEWEST_COMPARE=$(date -d $END_NEWEST +%s) + if [ $ENDNEXT_COMPARE -gt $END_NEWEST_COMPARE ]; then + END_NEWEST=$ENDNEXT + fi + + cp -f "${EVTX}" "${EVTX_DIR}"/data.evtx + chmod 644 "${EVTX_DIR}"/data.evtx + + fi # end of valid evtx + + echo + +done # end of for-loop processing evtx files + +# remove temp files +echo "Cleaning up:" +for TEMP_EVTX in ${TEMP_EVTXS[@]}; do + echo "- removing temporary evtx $TEMP_EVTX" + rm -f $TEMP_EVTX +done + +# output final messages +if [ "$INVALID_EVTXS" = "yes" ]; then + echo + echo "Please note! One or more evtx was invalid! You can scroll up to see which ones were invalid." +fi + +START_OLDEST_FORMATTED=`date +%Y-%m-%d --date="$START_OLDEST"` +START_OLDEST_SLASH=$(echo $START_OLDEST_FORMATTED | sed -e 's/-/%2F/g') +END_NEWEST_SLASH=$(echo $END_NEWEST | sed -e 's/-/%2F/g') + +if [ "$VALID_EVTXS" = "yes" ]; then +cat << EOF + +Import complete! + +You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser: +https://{{ URLBASE }}/#/hunt?q=import.id:${RUNID}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC + +or you can manually set your Time Range to be (in UTC): +From: $START_OLDEST_FORMATTED To: $END_NEWEST + +Please note that it may take 30 seconds or more for events to appear in Hunt. +EOF +fi diff --git a/salt/common/tools/sbin/so-influxdb-drop-autogen b/salt/common/tools/sbin/so-influxdb-drop-autogen old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-ip-update b/salt/common/tools/sbin/so-ip-update index 9976a42e8..8ef99fadc 100755 --- a/salt/common/tools/sbin/so-ip-update +++ b/salt/common/tools/sbin/so-ip-update @@ -8,9 +8,9 @@ fi echo "This tool will update a manager's IP address to the new IP assigned to the management network interface." -echo +echo "" echo "WARNING: This tool is still undergoing testing, use at your own risk!" -echo +echo "" if [ -z "$OLD_IP" ]; then OLD_IP=$(lookup_pillar "managerip") @@ -27,7 +27,7 @@ if [ -z "$NEW_IP" ]; then NEW_IP=$(ip -4 addr list $iface | grep inet | cut -d' ' -f6 | cut -d/ -f1) if [ -z "$NEW_IP" ]; then - fail "Unable to detect new IP on interface $iface. " + fail "Unable to detect new IP on interface $iface." fi echo "Detected new IP $NEW_IP on interface $iface." @@ -39,15 +39,20 @@ fi echo "About to change old IP $OLD_IP to new IP $NEW_IP." -echo +echo "" read -n 1 -p "Would you like to continue? (y/N) " CONTINUE -echo +echo "" if [ "$CONTINUE" == "y" ]; then - for file in $(grep -rlI $OLD_IP /opt/so/saltstack /etc); do - echo "Updating file: $file" - sed -i "s|$OLD_IP|$NEW_IP|g" $file - done + for file in $(grep -rlI $OLD_IP /opt/so/saltstack /etc); do + echo "Updating file: $file" + sed -i "s|$OLD_IP|$NEW_IP|g" $file + done + + echo "Granting MySQL root user permissions on $NEW_IP" + docker exec -i so-mysql mysql --user=root --password=$(lookup_pillar_secret 'mysql') -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'$NEW_IP' IDENTIFIED BY '$(lookup_pillar_secret 'mysql')' WITH GRANT OPTION;" &> /dev/null + echo "Removing MySQL root user from $OLD_IP" + docker exec -i so-mysql mysql --user=root --password=$(lookup_pillar_secret 'mysql') -e "DROP USER 'root'@'$OLD_IP';" &> /dev/null echo "The IP has been changed from $OLD_IP to $NEW_IP." @@ -60,4 +65,4 @@ if [ "$CONTINUE" == "y" ]; then fi else echo "Exiting without changes." -fi \ No newline at end of file +fi diff --git a/salt/common/tools/sbin/so-airgap-hotfixdownload b/salt/common/tools/sbin/so-kibana-savedobjects-defaults similarity index 56% rename from salt/common/tools/sbin/so-airgap-hotfixdownload rename to salt/common/tools/sbin/so-kibana-savedobjects-defaults index 422fa5f1f..c3d907961 100755 --- a/salt/common/tools/sbin/so-airgap-hotfixdownload +++ b/salt/common/tools/sbin/so-kibana-savedobjects-defaults @@ -15,19 +15,16 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# Get the latest code -rm -rf /tmp/sohotfix -mkdir -p /tmp/sohotfix -cd /tmp/sohotfix -git clone https://github.com/Security-Onion-Solutions/securityonion -if [ ! -d "/tmp/sohotfix/securityonion" ]; then - echo "I was unable to get the latest code. Check your internet and try again." - exit 1 -else - echo "Looks like we have the code lets create the tarball." - cd /tmp/sohotfix/securityonion - tar cvf /tmp/sohotfix/sohotfix.tar HOTFIX VERSION salt pillar - echo "" - echo "Copy /tmp/sohotfix/sohotfix.tar to portable media and then copy it to your airgap manager." - exit 0 -fi \ No newline at end of file +. /usr/sbin/so-common + +echo $banner +echo "Running kibana.so_savedobjects_defaults Salt state to restore default saved objects." +printf "This could take a while if another Salt job is running. \nRun this command with --force to stop all Salt jobs before proceeding.\n" +echo $banner + + if [ "$1" = "--force" ]; then + printf "\nForce-stopping all Salt jobs before proceeding\n\n" + salt-call saltutil.kill_all_jobs + fi + +salt-call state.apply kibana.so_savedobjects_defaults -linfo queue=True diff --git a/salt/common/tools/sbin/so-kibana-space-defaults b/salt/common/tools/sbin/so-kibana-space-defaults index d90cf0c11..26eba3262 100755 --- a/salt/common/tools/sbin/so-kibana-space-defaults +++ b/salt/common/tools/sbin/so-kibana-space-defaults @@ -1,5 +1,5 @@ . /usr/sbin/so-common - +{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %} wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}" ## This hackery will be removed if using Elastic Auth ## @@ -9,5 +9,9 @@ SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid # Disable certain Features from showing up in the Kibana UI echo echo "Setting up default Space:" +{% if HIGHLANDER %} +{{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["enterpriseSearch"]} ' >> /opt/so/log/kibana/misc.log +{% else %} {{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","siem","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","fleet"]} ' >> /opt/so/log/kibana/misc.log +{% endif %} echo diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn new file mode 100755 index 000000000..273f1b8f4 --- /dev/null +++ b/salt/common/tools/sbin/so-learn @@ -0,0 +1,303 @@ +#!/usr/bin/env python3 + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +from itertools import chain +from typing import List + +import signal +import sys +import os +import re +import subprocess +import argparse +import textwrap +import yaml +import multiprocessing +import docker +import pty + +minion_pillar_dir = '/opt/so/saltstack/local/pillar/minions' +so_status_conf = '/opt/so/conf/so-status/so-status.conf' +proc: subprocess.CompletedProcess = None + +# Temp store of modules, will likely be broken out into salt +def get_learn_modules(): + return { + 'logscan': { 'cpu_period': get_cpu_period(fraction=0.25), 'enabled': False, 'description': 'Scan log files against pre-trained models to alert on anomalies.' } + } + + +def get_cpu_period(fraction: float): + multiplier = 10000 + + num_cores = multiprocessing.cpu_count() + if num_cores <= 2: + fraction = 1. + + num_used_cores = int(num_cores * fraction) + cpu_period = num_used_cores * multiplier + return cpu_period + + +def sigint_handler(*_): + print('Exiting gracefully on Ctrl-C') + if proc is not None: proc.send_signal(signal.SIGINT) + sys.exit(1) + + +def find_minion_pillar() -> str: + regex = '^.*_(manager|managersearch|standalone|import|eval)\.sls$' + + result = [] + for root, _, files in os.walk(minion_pillar_dir): + for f_minion_id in files: + if re.search(regex, f_minion_id): + result.append(os.path.join(root, f_minion_id)) + + if len(result) == 0: + print('Could not find manager-type pillar (eval, standalone, manager, managersearch, import). Are you running this script on the manager?', file=sys.stderr) + sys.exit(3) + elif len(result) > 1: + res_str = ', '.join(f'\"{result}\"') + print('(This should not happen, the system is in an error state if you see this message.)\n', file=sys.stderr) + print('More than one manager-type pillar exists, minion id\'s listed below:', file=sys.stderr) + print(f' {res_str}', file=sys.stderr) + sys.exit(3) + else: + return result[0] + + +def read_pillar(pillar: str): + try: + with open(pillar, 'r') as pillar_file: + loaded_yaml = yaml.safe_load(pillar_file.read()) + if loaded_yaml is None: + print(f'Could not parse {pillar}', file=sys.stderr) + sys.exit(3) + return loaded_yaml + except: + print(f'Could not open {pillar}', file=sys.stderr) + sys.exit(3) + + +def write_pillar(pillar: str, content: dict): + try: + with open(pillar, 'w') as pillar_file: + yaml.dump(content, pillar_file, default_flow_style=False) + except: + print(f'Could not open {pillar}', file=sys.stderr) + sys.exit(3) + + +def mod_so_status(action: str, item: str): + with open(so_status_conf, 'a+') as conf: + conf.seek(0) + containers = conf.readlines() + + if f'so-{item}\n' in containers: + if action == 'remove': containers.remove(f'so-{item}\n') + if action == 'add': pass + else: + if action == 'remove': pass + if action == 'add': containers.append(f'so-{item}\n') + + [containers.remove(c_name) for c_name in containers if c_name == '\n'] # remove extra newlines + + conf.seek(0) + conf.truncate(0) + conf.writelines(containers) + + +def create_pillar_if_not_exist(pillar:str, content: dict): + pillar_dict = content + + if pillar_dict.get('learn', {}).get('modules') is None: + pillar_dict['learn'] = {} + pillar_dict['learn']['modules'] = get_learn_modules() + content.update() + write_pillar(pillar, content) + + return content + + +def salt_call(module: str): + salt_cmd = ['salt-call', 'state.apply', '-l', 'quiet', f'learn.{module}', 'queue=True'] + + print(f' Applying salt state for {module} module...') + proc = subprocess.run(salt_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) + return_code = proc.returncode + if return_code != 0: + print(f' [ERROR] Failed to apply salt state for {module} module.') + + return return_code + + +def pull_image(module: str): + container_basename = f'so-{module}' + + client = docker.from_env() + image_list = client.images.list(filters={ 'dangling': False }) + tag_list = list(chain.from_iterable(list(map(lambda x: x.attrs.get('RepoTags'), image_list)))) + basename_match = list(filter(lambda x: f'{container_basename}' in x, tag_list)) + local_registry_match = list(filter(lambda x: ':5000' in x, basename_match)) + + if len(local_registry_match) == 0: + print(f'Pulling and verifying missing image for {module} (may take several minutes) ...') + pull_command = ['so-image-pull', '--quiet', container_basename] + + proc = subprocess.run(pull_command, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) + return_code = proc.returncode + if return_code != 0: + print(f'[ERROR] Failed to pull image so-{module}, skipping state.') + else: + return_code = 0 + return return_code + + +def apply(module_list: List): + return_code = 0 + for module in module_list: + salt_ret = salt_call(module) + # Only update return_code if the command returned a non-zero return + if salt_ret != 0: + return_code = salt_ret + + return return_code + + +def check_apply(args: dict): + if args.apply: + print('Configuration updated. Applying changes:') + return apply(args.modules) + else: + message = 'Configuration updated. Would you like to apply your changes now? (y/N) ' + answer = input(message) + while answer.lower() not in [ 'y', 'n', '' ]: + answer = input(message) + if answer.lower() in [ 'n', '' ]: + return 0 + else: + print('Applying changes:') + return apply(args.modules) + + +def enable_disable_modules(args, enable: bool): + pillar_modules = args.pillar_dict.get('learn', {}).get('modules') + pillar_mod_names = args.pillar_dict.get('learn', {}).get('modules').keys() + + action_str = 'add' if enable else 'remove' + + if 'all' in args.modules: + for module, details in pillar_modules.items(): + details['enabled'] = enable + mod_so_status(action_str, module) + if enable: pull_image(module) + args.pillar_dict.update() + write_pillar(args.pillar, args.pillar_dict) + else: + write_needed = False + for module in args.modules: + if module in pillar_mod_names: + if pillar_modules[module]['enabled'] == enable: + state_str = 'enabled' if enable else 'disabled' + print(f'{module} module already {state_str}.', file=sys.stderr) + else: + if enable and pull_image(module) != 0: + continue + pillar_modules[module]['enabled'] = enable + mod_so_status(action_str, module) + write_needed = True + if write_needed: + args.pillar_dict.update() + write_pillar(args.pillar, args.pillar_dict) + + cmd_ret = check_apply(args) + return cmd_ret + + +def enable_modules(args): + enable_disable_modules(args, enable=True) + + +def disable_modules(args): + enable_disable_modules(args, enable=False) + + +def list_modules(*_): + print('Available ML modules:') + for module, details in get_learn_modules().items(): + print(f' - { module } : {details["description"]}') + return 0 + + +def main(): + beta_str = 'BETA - SUBJECT TO CHANGE\n' + + apply_help='After ACTION the chosen modules, apply any necessary salt states.' + enable_apply_help = apply_help.replace('ACTION', 'enabling') + disable_apply_help = apply_help.replace('ACTION', 'disabling') + + signal.signal(signal.SIGINT, sigint_handler) + + if os.geteuid() != 0: + print('You must run this script as root', file=sys.stderr) + sys.exit(1) + + main_parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter) + + subcommand_desc = textwrap.dedent( + """\ + enable Enable one or more ML modules. + disable Disable one or more ML modules. + list List all available ML modules. + """ + ) + + subparsers = main_parser.add_subparsers(title='commands', description=subcommand_desc, metavar='', dest='command') + + module_help_str = 'One or more ML modules, which can be listed using \'so-learn list\'. Use the keyword \'all\' to apply the action to all available modules.' + + enable = subparsers.add_parser('enable') + enable.set_defaults(func=enable_modules) + enable.add_argument('modules', metavar='ML_MODULE', nargs='+', help=module_help_str) + enable.add_argument('--apply', action='store_const', const=True, required=False, help=enable_apply_help) + + disable = subparsers.add_parser('disable') + disable.set_defaults(func=disable_modules) + disable.add_argument('modules', metavar='ML_MODULE', nargs='+', help=module_help_str) + disable.add_argument('--apply', action='store_const', const=True, required=False, help=disable_apply_help) + + list = subparsers.add_parser('list') + list.set_defaults(func=list_modules) + + args = main_parser.parse_args(sys.argv[1:]) + args.pillar = find_minion_pillar() + args.pillar_dict = create_pillar_if_not_exist(args.pillar, read_pillar(args.pillar)) + + if hasattr(args, 'func'): + exit_code = args.func(args) + else: + if args.command is None: + print(beta_str) + main_parser.print_help() + sys.exit(0) + + sys.exit(exit_code) + + +if __name__ == '__main__': + main() diff --git a/salt/common/tools/sbin/so-fleet-user-enable b/salt/common/tools/sbin/so-playbook-import similarity index 51% rename from salt/common/tools/sbin/so-fleet-user-enable rename to salt/common/tools/sbin/so-playbook-import index 017c5a77a..107851278 100755 --- a/salt/common/tools/sbin/so-fleet-user-enable +++ b/salt/common/tools/sbin/so-playbook-import @@ -1,5 +1,5 @@ #!/bin/bash -# + # Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC # # This program is free software: you can redistribute it and/or modify @@ -17,42 +17,6 @@ . /usr/sbin/so-common -usage() { - echo "Usage: $0 " - echo "" - echo "Enables or disables a user in Fleet" - exit 1 -} +ENABLEPLAY=${1:-False} -if [ $# -ne 2 ]; then - usage -fi - -USER=$1 - -MYSQL_PASS=$(lookup_pillar_secret mysql) -FLEET_IP=$(lookup_pillar fleet_ip) -FLEET_USER=$USER - -case "${2^^}" in - FALSE | NO | 0) - FLEET_STATUS=0 - ;; - TRUE | YES | 1) - FLEET_STATUS=1 - ;; - *) - usage - ;; -esac - -MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PASS fleet -e \ - "UPDATE users SET enabled=$FLEET_STATUS WHERE username='$FLEET_USER'" 2>&1) - -if [[ $? -eq 0 ]]; then - echo "Successfully updated user in Fleet" -else - echo "Failed to update user in Fleet" - echo $resp - exit 2 -fi \ No newline at end of file +docker exec so-soctopus /usr/local/bin/python -c "import playbook; print(playbook.play_import($ENABLEPLAY))" diff --git a/salt/common/tools/sbin/so-raid-status b/salt/common/tools/sbin/so-raid-status index e7da94878..7ba89b1c8 100755 --- a/salt/common/tools/sbin/so-raid-status +++ b/salt/common/tools/sbin/so-raid-status @@ -17,53 +17,101 @@ . /usr/sbin/so-common -check_lsi_raid() { - # For use for LSI on Ubuntu - #MEGA=/opt/MegaRAID/MegeCli/MegaCli64 - #LSIRC=$($MEGA -LDInfo -Lall -aALL | grep Optimal) - # Open Source Centos - MEGA=/opt/mega/megasasctl - LSIRC=$($MEGA | grep optimal) +appliance_check() { + {%- if salt['grains.get']('sosmodel', '') %} + APPLIANCE=1 + {%- if grains['sosmodel'] in ['SO2AMI01', 'SO2GCI01', 'SO2AZI01'] %} + exit 0 + {%- endif %} + DUDEYOUGOTADELL=$(dmidecode |grep Dell) + if [[ -n $DUDEYOUGOTADELL ]]; then + APPTYPE=dell + else + APPTYPE=sm + fi + mkdir -p /opt/so/log/raid - if [[ $LSIRC ]]; then - # Raid is good - LSIRAID=0 + {%- else %} + echo "This is not an appliance" + exit 0 + {%- endif %} +} + +check_nsm_raid() { + PERCCLI=$(/opt/raidtools/perccli/perccli64 /c0/v0 show|grep RAID|grep Optl) + MEGACTL=$(/opt/raidtools/megasasctl |grep optimal) + + if [[ $APPLIANCE == '1' ]]; then + if [[ -n $PERCCLI ]]; then + HWRAID=0 + elif [[ -n $MEGACTL ]]; then + HWRAID=0 else - LSIRAID=1 + HWRAID=1 fi + fi + +} + +check_boss_raid() { + MVCLI=$(/usr/local/bin/mvcli info -o vd |grep status |grep functional) + + if [[ -n $DUDEYOUGOTADELL ]]; then + if [[ -n $MVCLI ]]; then + BOSSRAID=0 + else + BOSSRAID=1 + fi + fi } check_software_raid() { + if [[ -n $DUDEYOUGOTADELL ]]; then SWRC=$(grep "_" /proc/mdstat) - if [[ $SWRC ]]; then + if [[ -n $SWRC ]]; then # RAID is failed in some way SWRAID=1 else SWRAID=0 fi + fi } # This script checks raid status if you use SO appliances # See if this is an appliance +appliance_check +check_nsm_raid +check_boss_raid {%- if salt['grains.get']('sosmodel', '') %} -mkdir -p /opt/so/log/raid - {%- if grains['sosmodel'] in ['SOSMN', 'SOSSNNV'] %} -#check_boss_raid +{%- if grains['sosmodel'] in ['SOSMN', 'SOSSNNV'] %} check_software_raid -echo "nsmraid=$SWRAID" > /opt/so/log/raid/status.log - {%- elif grains['sosmodel'] in ['SOS1000F', 'SOS1000', 'SOSSN7200', 'SOS10K', 'SOS4000'] %} -#check_boss_raid -check_lsi_raid -echo "nsmraid=$LSIRAID" > /opt/so/log/raid/status.log - {%- else %} -exit 0 - {%- endif %} -{%- else %} -exit 0 +{%- endif %} {%- endif %} +if [[ -n $SWRAID ]]; then + if [[ $SWRAID == '0' && $BOSSRAID == '0' ]]; then + RAIDSTATUS=0 + else + RAIDSTATUS=1 + fi +elif [[ -n $DUDEYOUGOTADELL ]]; then + if [[ $BOSSRAID == '0' && $HWRAID == '0' ]]; then + RAIDSTATUS=0 + else + RAIDSTATUS=1 + fi +elif [[ "$APPTYPE" == 'sm' ]]; then + if [[ -n "$HWRAID" ]]; then + RAIDSTATUS=0 + else + RAIDSTATUS=1 + fi +fi + +echo "nsmraid=$RAIDSTATUS" > /opt/so/log/raid/status.log + diff --git a/salt/common/tools/sbin/so-redis-count b/salt/common/tools/sbin/so-redis-count index 6ae52f1f6..afcb07d55 100755 --- a/salt/common/tools/sbin/so-redis-count +++ b/salt/common/tools/sbin/so-redis-count @@ -17,4 +17,4 @@ . /usr/sbin/so-common -docker exec -it so-redis redis-cli llen logstash:unparsed +docker exec so-redis redis-cli llen logstash:unparsed diff --git a/salt/common/tools/sbin/so-rule b/salt/common/tools/sbin/so-rule index 07d6cd2cc..9cc6ed4e0 100755 --- a/salt/common/tools/sbin/so-rule +++ b/salt/common/tools/sbin/so-rule @@ -405,7 +405,7 @@ def main(): enabled_list.set_defaults(func=list_enabled_rules) - search_term_help='A quoted regex search term (ex: "\$EXTERNAL_NET")' + search_term_help='A properly escaped regex search term (ex: "\\\$EXTERNAL_NET")' replace_term_help='The text to replace the search term with' # Modify actions diff --git a/salt/common/tools/sbin/so-rule-update b/salt/common/tools/sbin/so-rule-update index 397719d61..a3c2616a4 100755 --- a/salt/common/tools/sbin/so-rule-update +++ b/salt/common/tools/sbin/so-rule-update @@ -1,13 +1,10 @@ #!/bin/bash -got_root() { - # Make sure you are root - if [ "$(id -u)" -ne 0 ]; then - echo "This script must be run using sudo!" - exit 1 - fi +. /usr/sbin/so-common -} +argstr="" +for arg in "$@"; do + argstr="${argstr} \"${arg}\"" +done -got_root -docker exec so-idstools /bin/bash -c "cd /opt/so/idstools/etc && idstools-rulecat $1" +docker exec so-idstools /bin/bash -c "cd /opt/so/idstools/etc && idstools-rulecat --force ${argstr}" diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check index 0e420976c..381c5db9c 100755 --- a/salt/common/tools/sbin/so-salt-minion-check +++ b/salt/common/tools/sbin/so-salt-minion-check @@ -92,6 +92,10 @@ if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then log "last highstate completed at `date -d @$LAST_HIGHSTATE_END`" I log "checking if any jobs are running" I logCmd "salt-call --local saltutil.running" I + log "ensure salt.minion-state-apply-test is enabled" I + logCmd "salt-call state.enable salt.minion-state-apply-test" I + log "ensure highstate is enabled" I + logCmd "salt-call state.enable highstate" I log "killing all salt-minion processes" I logCmd "pkill -9 -ef /usr/bin/salt-minion" I log "starting salt-minion service" I @@ -101,4 +105,4 @@ if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then fi else log "system uptime only $((CURRENT_TIME-SYSTEM_START_TIME)) seconds does not meet $UPTIME_REQ second requirement." I -fi \ No newline at end of file +fi diff --git a/salt/common/tools/sbin/so-tcpreplay b/salt/common/tools/sbin/so-tcpreplay index 3c1ce8fb9..e85474c67 100755 --- a/salt/common/tools/sbin/so-tcpreplay +++ b/salt/common/tools/sbin/so-tcpreplay @@ -31,7 +31,7 @@ if [[ $# -lt 1 ]]; then echo "Usage: $0 " echo echo "All PCAPs must be placed in the /opt/so/samples directory unless replaying" - echo "a sample pcap that is included in the so-tcpreplay image. Those PCAP sampes" + echo "a sample pcap that is included in the so-tcpreplay image. Those PCAP samples" echo "are located in the /opt/samples directory inside of the image." echo echo "Customer provided PCAP example:" diff --git a/salt/common/tools/sbin/so-thehive-user-add b/salt/common/tools/sbin/so-thehive-user-add index 5d174fdf1..9cbe0cd56 100755 --- a/salt/common/tools/sbin/so-thehive-user-add +++ b/salt/common/tools/sbin/so-thehive-user-add @@ -41,10 +41,7 @@ if [[ $? == 0 ]]; then fi read -rs THEHIVE_PASS -if ! check_password "$THEHIVE_PASS"; then - echo "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." - exit 2 -fi +check_password_and_exit "$THEHIVE_PASS" # Create new user in TheHive resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}") diff --git a/salt/common/tools/sbin/so-thehive-user-update b/salt/common/tools/sbin/so-thehive-user-update new file mode 100755 index 000000000..fdda5eaa7 --- /dev/null +++ b/salt/common/tools/sbin/so-thehive-user-update @@ -0,0 +1,57 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +usage() { + echo "Usage: $0 " + echo "" + echo "Update password for an existing TheHive user. The new password will be read from STDIN." + exit 1 +} + +if [ $# -ne 1 ]; then + usage +fi + +USER=$1 + +THEHIVE_KEY=$(lookup_pillar hivekey) +THEHVIE_API_URL="$(lookup_pillar url_base)/thehive/api" +THEHIVE_USER=$USER + +# Read password for new user from stdin +test -t 0 +if [[ $? == 0 ]]; then + echo "Enter new password:" +fi +read -rs THEHIVE_PASS + +if ! check_password "$THEHIVE_PASS"; then + echo "Password is invalid. Please exclude single quotes, double quotes, dollar signs, and backslashes from the password." + exit 2 +fi + +# Change password for user in TheHive +resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user/${THEHIVE_USER}/password/set" -d "{\"password\" : \"$THEHIVE_PASS\"}") +if [[ -z "$resp" ]]; then + echo "Successfully updated TheHive user password" +else + echo "Unable to update TheHive user password" + echo $resp + exit 2 +fi diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user index f0c064d03..cf9fc91c0 100755 --- a/salt/common/tools/sbin/so-user +++ b/salt/common/tools/sbin/so-user @@ -18,11 +18,17 @@ source $(dirname $0)/so-common -if [[ $# -lt 1 || $# -gt 2 ]]; then - echo "Usage: $0 [email]" +DEFAULT_ROLE=analyst + +if [[ $# -lt 1 || $# -gt 3 ]]; then + echo "Usage: $0 [email] [role]" + echo "" + echo " where is one of the following:" echo "" echo " list: Lists all user email addresses currently defined in the identity system" - echo " add: Adds a new user to the identity system; requires 'email' parameter" + echo " add: Adds a new user to the identity system; requires 'email' parameter, while 'role' parameter is optional and defaults to $DEFAULT_ROLE" + echo " addrole: Grants a role to an existing user; requires 'email' and 'role' parameters" + echo " delrole: Removes a role from an existing user; requires 'email' and 'role' parameters" echo " update: Updates a user's password; requires 'email' parameter" echo " enable: Enables a user; requires 'email' parameter" echo " disable: Disables a user; requires 'email' parameter" @@ -36,14 +42,18 @@ fi operation=$1 email=$2 +role=$3 kratosUrl=${KRATOS_URL:-http://127.0.0.1:4434} databasePath=${KRATOS_DB_PATH:-/opt/so/conf/kratos/db/db.sqlite} bcryptRounds=${BCRYPT_ROUNDS:-12} elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users} elasticRolesFile=${ELASTIC_ROLES_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users_roles} +socRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_users_roles} esUID=${ELASTIC_UID:-930} esGID=${ELASTIC_GID:-930} +soUID=${SOCORE_UID:-939} +soGID=${SOCORE_GID:-939} function lock() { # Obtain file descriptor lock @@ -80,7 +90,7 @@ function findIdByEmail() { email=$1 response=$(curl -Ss -L ${kratosUrl}/identities) - identityId=$(echo "${response}" | jq ".[] | select(.verifiable_addresses[0].value == \"$email\") | .id") + identityId=$(echo "${response}" | jq -r ".[] | select(.verifiable_addresses[0].value == \"$email\") | .id") echo $identityId } @@ -89,17 +99,23 @@ function validatePassword() { len=$(expr length "$password") if [[ $len -lt 6 ]]; then - echo "Password does not meet the minimum requirements" - exit 2 + fail "Password does not meet the minimum requirements" fi + if [[ $len -gt 72 ]]; then + fail "Password is too long (max: 72)" + fi + check_password_and_exit "$password" } function validateEmail() { email=$1 # (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\]) if [[ ! "$email" =~ ^[[:alnum:]._%+-]+@[[:alnum:].-]+\.[[:alpha:]]{2,}$ ]]; then - echo "Email address is invalid" - exit 3 + fail "Email address is invalid" + fi + + if [[ "$email" =~ [A-Z] ]]; then + fail "Email addresses cannot contain uppercase letters" fi } @@ -127,21 +143,51 @@ function updatePassword() { validatePassword "$password" fi - if [[ -n $identityId ]]; then + if [[ -n "$identityId" ]]; then # Generate password hash passwordHash=$(hashPassword "$password") # Update DB with new hash - echo "update identity_credentials set config=CAST('{\"hashed_password\":\"$passwordHash\"}' as BLOB) where identity_id=${identityId};" | sqlite3 "$databasePath" + echo "update identity_credentials set config=CAST('{\"hashed_password\":\"$passwordHash\"}' as BLOB) where identity_id='${identityId}';" | sqlite3 "$databasePath" [[ $? != 0 ]] && fail "Unable to update password" fi } -function createElasticFile() { +function createFile() { filename=$1 - tmpFile=${filename} - truncate -s 0 "$tmpFile" - chmod 600 "$tmpFile" - chown "${esUID}:${esGID}" "$tmpFile" + uid=$2 + gid=$3 + + mkdir -p $(dirname "$filename") + truncate -s 0 "$filename" + chmod 600 "$filename" + chown "${uid}:${gid}" "$filename" +} + +function ensureRoleFileExists() { + if [[ ! -f "$socRolesFile" || ! -s "$socRolesFile" ]]; then + # Generate the new users file + rolesTmpFile="${socRolesFile}.tmp" + createFile "$rolesTmpFile" "$soUID" "$soGID" + + if [[ -f "$databasePath" ]]; then + echo "Migrating roles to new file: $socRolesFile" + + echo "select 'superuser:' || id from identities;" | sqlite3 "$databasePath" \ + >> "$rolesTmpFile" + [[ $? != 0 ]] && fail "Unable to read identities from database" + + echo "The following users have all been migrated with the super user role:" + cat "${rolesTmpFile}" + else + echo "Database file does not exist yet, installation is likely not yet complete." + fi + + if [[ -d "$socRolesFile" ]]; then + echo "Removing invalid roles directory created by Docker" + rm -fr "$socRolesFile" + fi + mv "${rolesTmpFile}" "${socRolesFile}" + fi } function syncElasticSystemUser() { @@ -172,53 +218,56 @@ function syncElasticSystemRole() { } function syncElastic() { - echo "Syncing users between SOC and Elastic..." + echo "Syncing users and roles between SOC and Elastic..." + usersTmpFile="${elasticUsersFile}.tmp" + createFile "${usersTmpFile}" "$esUID" "$esGID" rolesTmpFile="${elasticRolesFile}.tmp" - createElasticFile "${usersTmpFile}" - createElasticFile "${rolesTmpFile}" + createFile "${rolesTmpFile}" "$esUID" "$esGID" authPillarJson=$(lookup_salt_value "auth" "elasticsearch" "pillar" "json") syncElasticSystemUser "$authPillarJson" "so_elastic_user" "$usersTmpFile" - syncElasticSystemRole "$authPillarJson" "so_elastic_user" "superuser" "$rolesTmpFile" - syncElasticSystemUser "$authPillarJson" "so_kibana_user" "$usersTmpFile" - syncElasticSystemRole "$authPillarJson" "so_kibana_user" "superuser" "$rolesTmpFile" - syncElasticSystemUser "$authPillarJson" "so_logstash_user" "$usersTmpFile" - syncElasticSystemRole "$authPillarJson" "so_logstash_user" "superuser" "$rolesTmpFile" - syncElasticSystemUser "$authPillarJson" "so_beats_user" "$usersTmpFile" - syncElasticSystemRole "$authPillarJson" "so_beats_user" "superuser" "$rolesTmpFile" - syncElasticSystemUser "$authPillarJson" "so_monitor_user" "$usersTmpFile" + + syncElasticSystemRole "$authPillarJson" "so_elastic_user" "superuser" "$rolesTmpFile" + syncElasticSystemRole "$authPillarJson" "so_kibana_user" "superuser" "$rolesTmpFile" + syncElasticSystemRole "$authPillarJson" "so_logstash_user" "superuser" "$rolesTmpFile" + syncElasticSystemRole "$authPillarJson" "so_beats_user" "superuser" "$rolesTmpFile" syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_collector" "$rolesTmpFile" syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_agent" "$rolesTmpFile" syncElasticSystemRole "$authPillarJson" "so_monitor_user" "monitoring_user" "$rolesTmpFile" - if [[ -f "$databasePath" ]]; then - # Generate the new users file + if [[ -f "$databasePath" && -f "$socRolesFile" ]]; then + # Append the SOC users echo "select '{\"user\":\"' || ici.identifier || '\", \"data\":' || ic.config || '}'" \ - "from identity_credential_identifiers ici, identity_credentials ic " \ - "where ici.identity_credential_id=ic.id and instr(ic.config, 'hashed_password') " \ + "from identity_credential_identifiers ici, identity_credentials ic, identities i " \ + "where " \ + " ici.identity_credential_id=ic.id " \ + " and ic.identity_id=i.id " \ + " and instr(ic.config, 'hashed_password') " \ + " and i.state == 'active' " \ "order by ici.identifier;" | \ sqlite3 "$databasePath" | \ jq -r '.user + ":" + .data.hashed_password' \ >> "$usersTmpFile" [[ $? != 0 ]] && fail "Unable to read credential hashes from database" - # Generate the new users_roles file - - echo "select 'superuser:' || ici.identifier " \ - "from identity_credential_identifiers ici, identity_credentials ic " \ - "where ici.identity_credential_id=ic.id and instr(ic.config, 'hashed_password') " \ - "order by ici.identifier;" | \ - sqlite3 "$databasePath" \ - >> "$rolesTmpFile" - [[ $? != 0 ]] && fail "Unable to read credential IDs from database" + # Append the user roles + while IFS="" read -r rolePair || [ -n "$rolePair" ]; do + userId=$(echo "$rolePair" | cut -d: -f2) + role=$(echo "$rolePair" | cut -d: -f1) + echo "select '$role:' || ici.identifier " \ + "from identity_credential_identifiers ici, identity_credentials ic " \ + "where ici.identity_credential_id=ic.id and ic.identity_id = '$userId';" | \ + sqlite3 "$databasePath" >> "$rolesTmpFile" + done < "$socRolesFile" + else - echo "Database file does not exist yet, skipping users export" + echo "Database file or soc roles file does not exist yet, skipping users export" fi if [[ -s "${usersTmpFile}" ]]; then @@ -236,15 +285,22 @@ function syncElastic() { } function syncAll() { + ensureRoleFileExists + + # Check if a sync is needed. Sync is not needed if the following are true: + # - user database entries are all older than the elastic users file + # - soc roles file last modify date is older than the elastic roles file if [[ -z "$FORCE_SYNC" && -f "$databasePath" && -f "$elasticUsersFile" ]]; then usersFileAgeSecs=$(echo $(($(date +%s) - $(date +%s -r "$elasticUsersFile")))) staleCount=$(echo "select count(*) from identity_credentials where updated_at >= Datetime('now', '-${usersFileAgeSecs} seconds');" \ | sqlite3 "$databasePath") - if [[ "$staleCount" == "0" ]]; then + if [[ "$staleCount" == "0" && "$elasticRolesFile" -nt "$socRolesFile" ]]; then return 1 fi fi + syncElastic + return 0 } @@ -252,11 +308,64 @@ function listUsers() { response=$(curl -Ss -L ${kratosUrl}/identities) [[ $? != 0 ]] && fail "Unable to communicate with Kratos" - echo "${response}" | jq -r ".[] | .verifiable_addresses[0].value" | sort + users=$(echo "${response}" | jq -r ".[] | .verifiable_addresses[0].value" | sort) + for user in $users; do + roles=$(grep "$user" "$elasticRolesFile" | cut -d: -f1 | tr '\n' ' ') + echo "$user: $roles" + done +} + +function addUserRole() { + email=$1 + role=$2 + + adjustUserRole "$email" "$role" "add" +} + +function deleteUserRole() { + email=$1 + role=$2 + + adjustUserRole "$email" "$role" "del" +} + +function adjustUserRole() { + email=$1 + role=$2 + op=$3 + + identityId=$(findIdByEmail "$email") + [[ ${identityId} == "" ]] && fail "User not found" + + ensureRoleFileExists + + filename="$socRolesFile" + hasRole=0 + grep "$role:" "$socRolesFile" | grep -q "$identityId" && hasRole=1 + if [[ "$op" == "add" ]]; then + if [[ "$hasRole" == "1" ]]; then + echo "User '$email' already has the role: $role" + return 1 + else + echo "$role:$identityId" >> "$filename" + fi + elif [[ "$op" == "del" ]]; then + if [[ "$hasRole" -ne 1 ]]; then + fail "User '$email' does not have the role: $role" + else + sed "/^$role:$identityId\$/d" "$filename" > "$filename.tmp" + cat "$filename".tmp > "$filename" + rm -f "$filename".tmp + fi + else + fail "Unsupported role adjustment operation: $op" + fi + return 0 } function createUser() { email=$1 + role=$2 now=$(date -u +%FT%TZ) addUserJson=$(cat < "$rolesTmpFile" + mv "$rolesTmpFile" "$socRolesFile" } case "${operation}" in @@ -339,7 +461,7 @@ case "${operation}" in lock validateEmail "$email" updatePassword - createUser "$email" + createUser "$email" "${role:-$DEFAULT_ROLE}" syncAll echo "Successfully added new user to SOC" check_container thehive && echo "$password" | so-thehive-user-add "$email" @@ -351,6 +473,31 @@ case "${operation}" in listUsers ;; + "addrole") + verifyEnvironment + [[ "$email" == "" ]] && fail "Email address must be provided" + [[ "$role" == "" ]] && fail "Role must be provided" + + lock + validateEmail "$email" + if addUserRole "$email" "$role"; then + syncElastic + echo "Successfully added role to user" + fi + ;; + + "delrole") + verifyEnvironment + [[ "$email" == "" ]] && fail "Email address must be provided" + [[ "$role" == "" ]] && fail "Role must be provided" + + lock + validateEmail "$email" + deleteUserRole "$email" "$role" + syncElastic + echo "Successfully removed role from user" + ;; + "update") verifyEnvironment [[ "$email" == "" ]] && fail "Email address must be provided" @@ -370,7 +517,7 @@ case "${operation}" in syncAll echo "Successfully enabled user" check_container thehive && so-thehive-user-enable "$email" true - check_container fleet && so-fleet-user-enable "$email" true + echo "Fleet user will need to be recreated manually with so-fleet-user-add" ;; "disable") @@ -382,7 +529,7 @@ case "${operation}" in syncAll echo "Successfully disabled user" check_container thehive && so-thehive-user-enable "$email" false - check_container fleet && so-fleet-user-enable "$email" false + check_container fleet && so-fleet-user-delete "$email" ;; "delete") @@ -394,7 +541,7 @@ case "${operation}" in syncAll echo "Successfully deleted user" check_container thehive && so-thehive-user-enable "$email" false - check_container fleet && so-fleet-user-enable "$email" false + check_container fleet && so-fleet-user-delete "$email" ;; "sync") @@ -418,6 +565,11 @@ case "${operation}" in echo "Password is acceptable" ;; + "migrate") + migrateLockedUsers + echo "User migration complete" + ;; + *) fail "Unsupported operation: $operation" ;; diff --git a/salt/common/tools/sbin/so-yara-update b/salt/common/tools/sbin/so-yara-update index 9f749727f..025cf8c70 100755 --- a/salt/common/tools/sbin/so-yara-update +++ b/salt/common/tools/sbin/so-yara-update @@ -1,5 +1,4 @@ #!/bin/bash - # Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC # # This program is free software: you can redistribute it and/or modify @@ -20,13 +19,8 @@ echo "Starting to check for yara rule updates at $(date)..." output_dir="/opt/so/saltstack/default/salt/strelka/rules" mkdir -p $output_dir - repos="$output_dir/repos.txt" -ignorefile="$output_dir/ignore.txt" - -deletecounter=0 newcounter=0 -updatecounter=0 {% if ISAIRGAP is sameas true %} @@ -35,58 +29,21 @@ echo "Airgap mode enabled." clone_dir="/nsm/repo/rules/strelka" repo_name="signature-base" mkdir -p /opt/so/saltstack/default/salt/strelka/rules/signature-base - +# Ensure a copy of the license is available for the rules [ -f $clone_dir/LICENSE ] && cp $clone_dir/$repo_name/LICENSE $output_dir/$repo_name # Copy over rules for i in $(find $clone_dir/yara -name "*.yar*"); do rule_name=$(echo $i | awk -F '/' '{print $NF}') - repo_sum=$(sha256sum $i | awk '{print $1}') - - # Check rules against those in ignore list -- don't copy if ignored. - if ! grep -iq $rule_name $ignorefile; then - existing_rules=$(find $output_dir/$repo_name/ -name $rule_name | wc -l) - - # For existing rules, check to see if they need to be updated, by comparing checksums - if [ $existing_rules -gt 0 ];then - local_sum=$(sha256sum $output_dir/$repo_name/$rule_name | awk '{print $1}') - if [ "$repo_sum" != "$local_sum" ]; then - echo "Checksums do not match!" - echo "Updating $rule_name..." - cp $i $output_dir/$repo_name; - ((updatecounter++)) - fi - else - # If rule doesn't exist already, we'll add it - echo "Adding new rule: $rule_name..." - cp $i $output_dir/$repo_name - ((newcounter++)) - fi - fi; -done - -# Check to see if we have any old rules that need to be removed -for i in $(find $output_dir/$repo_name -name "*.yar*" | awk -F '/' '{print $NF}'); do - is_repo_rule=$(find $clone_dir -name "$i" | wc -l) - if [ $is_repo_rule -eq 0 ]; then - echo "Could not find $i in source $repo_name repo...removing from $output_dir/$repo_name..." - rm $output_dir/$repo_name/$i - ((deletecounter++)) - fi + echo "Adding rule: $rule_name..." + cp $i $output_dir/$repo_name + ((newcounter++)) done echo "Done!" if [ "$newcounter" -gt 0 ];then - echo "$newcounter new rules added." -fi - -if [ "$updatecounter" -gt 0 ];then - echo "$updatecounter rules updated." -fi - -if [ "$deletecounter" -gt 0 ];then - echo "$deletecounter rules removed because they were deprecated or don't exist in the source repo." + echo "$newcounter rules added." fi {% else %} @@ -99,69 +56,32 @@ if [ "$gh_status" == "200" ] || [ "$gh_status" == "301" ]; then if ! $(echo "$repo" | grep -qE '^#'); then # Remove old repo if existing bc of previous error condition or unexpected disruption repo_name=`echo $repo | awk -F '/' '{print $NF}'` - [ -d $repo_name ] && rm -rf $repo_name + [ -d $output_dir/$repo_name ] && rm -rf $output_dir/$repo_name # Clone repo and make appropriate directories for rules - git clone $repo $clone_dir/$repo_name echo "Analyzing rules from $clone_dir/$repo_name..." mkdir -p $output_dir/$repo_name + # Ensure a copy of the license is available for the rules [ -f $clone_dir/$repo_name/LICENSE ] && cp $clone_dir/$repo_name/LICENSE $output_dir/$repo_name # Copy over rules for i in $(find $clone_dir/$repo_name -name "*.yar*"); do rule_name=$(echo $i | awk -F '/' '{print $NF}') - repo_sum=$(sha256sum $i | awk '{print $1}') - - # Check rules against those in ignore list -- don't copy if ignored. - if ! grep -iq $rule_name $ignorefile; then - existing_rules=$(find $output_dir/$repo_name/ -name $rule_name | wc -l) - - # For existing rules, check to see if they need to be updated, by comparing checksums - if [ $existing_rules -gt 0 ];then - local_sum=$(sha256sum $output_dir/$repo_name/$rule_name | awk '{print $1}') - if [ "$repo_sum" != "$local_sum" ]; then - echo "Checksums do not match!" - echo "Updating $rule_name..." - cp $i $output_dir/$repo_name; - ((updatecounter++)) - fi - else - # If rule doesn't exist already, we'll add it - echo "Adding new rule: $rule_name..." - cp $i $output_dir/$repo_name - ((newcounter++)) - fi - fi; - done - - # Check to see if we have any old rules that need to be removed - for i in $(find $output_dir/$repo_name -name "*.yar*" | awk -F '/' '{print $NF}'); do - is_repo_rule=$(find $clone_dir/$repo_name -name "$i" | wc -l) - if [ $is_repo_rule -eq 0 ]; then - echo "Could not find $i in source $repo_name repo...removing from $output_dir/$repo_name..." - rm $output_dir/$repo_name/$i - ((deletecounter++)) - fi - done - rm -rf $clone_dir/$repo_name - fi - done < $repos + echo "Adding rule: $rule_name..." + cp $i $output_dir/$repo_name + ((newcounter++)) + done + rm -rf $clone_dir/$repo_name + fi + done < $repos echo "Done!" - + if [ "$newcounter" -gt 0 ];then - echo "$newcounter new rules added." + echo "$newcounter rules added." fi - - if [ "$updatecounter" -gt 0 ];then - echo "$updatecounter rules updated." - fi - - if [ "$deletecounter" -gt 0 ];then - echo "$deletecounter rules removed because they were deprecated or don't exist in the source repo." - fi - + else echo "Server returned $gh_status status code." echo "No connectivity to Github...exiting..." diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index bc95c5428..14c6963e3 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -27,6 +27,7 @@ SOUP_LOG=/root/soup.log INFLUXDB_MIGRATION_LOG=/opt/so/log/influxdb/soup_migration.log WHATWOULDYOUSAYYAHDOHERE=soup whiptail_title='Security Onion UPdater' +NOTIFYCUSTOMELASTICCONFIG=false check_err() { local exit_code=$1 @@ -105,17 +106,20 @@ add_common() { airgap_mounted() { # Let's see if the ISO is already mounted. - if [ -f /tmp/soagupdate/SecurityOnion/VERSION ]; then + if [[ -f /tmp/soagupdate/SecurityOnion/VERSION ]]; then echo "The ISO is already mounted" else - echo "" - cat << EOF + if [[ -z $ISOLOC ]]; then + echo "This is airgap. Ask for a location." + echo "" + cat << EOF In order for soup to proceed, the path to the downloaded Security Onion ISO file, or the path to the CD-ROM or equivalent device containing the ISO media must be provided. For example, if you have copied the new Security Onion ISO file to your home directory, then the path might look like /home/myuser/securityonion-2.x.y.iso. Or, if you have burned the new ISO onto an optical disk then the path might look like /dev/cdrom. EOF - read -rp 'Enter the path to the new Security Onion ISO content: ' ISOLOC + read -rp 'Enter the path to the new Security Onion ISO content: ' ISOLOC + fi if [[ -f $ISOLOC ]]; then # Mounting the ISO image mkdir -p /tmp/soagupdate @@ -131,7 +135,7 @@ EOF elif [[ -f $ISOLOC/SecurityOnion/VERSION ]]; then ln -s $ISOLOC /tmp/soagupdate echo "Found the update content" - else + elif [[ -b $ISOLOC ]]; then mkdir -p /tmp/soagupdate mount $ISOLOC /tmp/soagupdate if [ ! -f /tmp/soagupdate/SecurityOnion/VERSION ]; then @@ -140,7 +144,11 @@ EOF exit 0 else echo "Device has been mounted!" - fi + fi + else + echo "Could not find Security Onion ISO content at ${ISOLOC}" + echo "Ensure the path you entered is correct, and that you verify the ISO that you downloaded." + exit 0 fi fi } @@ -150,7 +158,7 @@ airgap_update_dockers() { # Let's copy the tarball if [[ ! -f $AGDOCKER/registry.tar ]]; then echo "Unable to locate registry. Exiting" - exit 1 + exit 0 else echo "Stopping the registry docker" docker stop so-dockerregistry @@ -182,6 +190,50 @@ check_airgap() { fi } +# {% raw %} + +check_local_mods() { + local salt_local=/opt/so/saltstack/local + + local_mod_arr=() + + while IFS= read -r -d '' local_file; do + stripped_path=${local_file#"$salt_local"} + default_file="${DEFAULT_SALT_DIR}${stripped_path}" + if [[ -f $default_file ]]; then + file_diff=$(diff "$default_file" "$local_file" ) + if [[ $(echo "$file_diff" | grep -c "^<") -gt 0 ]]; then + local_mod_arr+=( "$local_file" ) + fi + fi + done< <(find $salt_local -type f -print0) + + if [[ ${#local_mod_arr} -gt 0 ]]; then + echo "Potentially breaking changes found in the following files (check ${DEFAULT_SALT_DIR} for original copy):" + for file_str in "${local_mod_arr[@]}"; do + echo " $file_str" + done + echo "" + echo "To reference this list later, check $SOUP_LOG" + sleep 10 + fi +} + +# {% endraw %} + +check_pillar_items() { + local pillar_output=$(salt-call pillar.items --out=json) + + cond=$(jq '.local | has("_errors")' <<< "$pillar_output") + if [[ "$cond" == "true" ]]; then + printf "\nThere is an issue rendering the manager's pillars. Please correct the issues in the sls files mentioned below before running SOUP again.\n\n" + jq '.local._errors[]' <<< "$pillar_output" + exit 0 + else + printf "\nThe manager's pillars can be rendered. We can proceed with SOUP.\n\n" + fi +} + check_sudoers() { if grep -q "so-setup" /etc/sudoers; then echo "There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." @@ -251,25 +303,31 @@ check_os_updates() { OSUPDATES=$(yum -q list updates | wc -l) fi if [[ "$OSUPDATES" -gt 0 ]]; then - echo $NEEDUPDATES - echo "" - read -p "Press U to update OS packages (recommended), C to continue without updates, or E to exit: " confirm - - if [[ "$confirm" == [cC] ]]; then + if [[ -z $UNATTENDED ]]; then + echo "$NEEDUPDATES" + echo "" + read -rp "Press U to update OS packages (recommended), C to continue without updates, or E to exit: " confirm + if [[ "$confirm" == [cC] ]]; then echo "Continuing without updating packages" - elif [[ "$confirm" == [uU] ]]; then + elif [[ "$confirm" == [uU] ]]; then echo "Applying Grid Updates" - set +e - run_check_net_err "salt '*' -b 5 state.apply patch.os queue=True" 'Could not apply OS updates, please check your network connection.' - set -e - else + update_flag=true + else echo "Exiting soup" exit 0 + fi + else + update_flag=true fi else - echo "Looks like you have an updated OS" + echo "Looks like you have an updated OS" + fi + + if [[ $update_flag == true ]]; then + set +e + run_check_net_err "salt '*' -b 5 state.apply patch.os queue=True" 'Could not apply OS updates, please check your network connection.' + set -e fi - } clean_dockers() { @@ -335,12 +393,11 @@ preupgrade_changes() { # This function is to add any new pillar items if needed. echo "Checking to see if changes are needed." - [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2 - [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3 - [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0 - [[ "$INSTALLEDVERSION" == 2.3.0 || "$INSTALLEDVERSION" == 2.3.1 || "$INSTALLEDVERSION" == 2.3.2 || "$INSTALLEDVERSION" == 2.3.10 ]] && up_2.3.0_to_2.3.20 - [[ "$INSTALLEDVERSION" == 2.3.20 || "$INSTALLEDVERSION" == 2.3.21 ]] && up_2.3.2X_to_2.3.30 - [[ "$INSTALLEDVERSION" == 2.3.30 || "$INSTALLEDVERSION" == 2.3.40 ]] && up_2.3.3X_to_2.3.50 + [[ "$INSTALLEDVERSION" == 2.3.0 || "$INSTALLEDVERSION" == 2.3.1 || "$INSTALLEDVERSION" == 2.3.2 || "$INSTALLEDVERSION" == 2.3.10 ]] && up_to_2.3.20 + [[ "$INSTALLEDVERSION" == 2.3.20 || "$INSTALLEDVERSION" == 2.3.21 ]] && up_to_2.3.30 + [[ "$INSTALLEDVERSION" == 2.3.30 || "$INSTALLEDVERSION" == 2.3.40 ]] && up_to_2.3.50 + [[ "$INSTALLEDVERSION" == 2.3.50 || "$INSTALLEDVERSION" == 2.3.51 || "$INSTALLEDVERSION" == 2.3.52 || "$INSTALLEDVERSION" == 2.3.60 || "$INSTALLEDVERSION" == 2.3.61 || "$INSTALLEDVERSION" == 2.3.70 ]] && up_to_2.3.80 + [[ "$INSTALLEDVERSION" == 2.3.80 ]] && up_to_2.3.90 true } @@ -348,119 +405,66 @@ postupgrade_changes() { # This function is to add any new pillar items if needed. echo "Running post upgrade processes." - [[ "$POSTVERSION" =~ rc.1 ]] && post_rc1_to_rc2 - [[ "$POSTVERSION" == 2.3.20 || "$POSTVERSION" == 2.3.21 ]] && post_2.3.2X_to_2.3.30 - [[ "$POSTVERSION" == 2.3.30 ]] && post_2.3.30_to_2.3.40 - [[ "$POSTVERSION" == 2.3.50 ]] && post_2.3.5X_to_2.3.60 + [[ "$POSTVERSION" == 2.3.0 || "$POSTVERSION" == 2.3.1 || "$POSTVERSION" == 2.3.2 || "$POSTVERSION" == 2.3.10 || "$POSTVERSION" == 2.3.20 ]] && post_to_2.3.21 + [[ "$POSTVERSION" == 2.3.21 || "$POSTVERSION" == 2.3.30 ]] && post_to_2.3.40 + [[ "$POSTVERSION" == 2.3.40 || "$POSTVERSION" == 2.3.50 || "$POSTVERSION" == 2.3.51 || "$POSTVERSION" == 2.3.52 ]] && post_to_2.3.60 + [[ "$POSTVERSION" == 2.3.60 || "$POSTVERSION" == 2.3.61 || "$POSTVERSION" == 2.3.70 || "$POSTVERSION" == 2.3.80 ]] && post_to_2.3.90 true } -post_rc1_to_2.3.21() { +post_to_2.3.21() { salt-call state.apply playbook.OLD_db_init rm -f /opt/so/rules/elastalert/playbook/*.yaml so-playbook-ruleupdate >> /root/soup_playbook_rule_update.log 2>&1 & POSTVERSION=2.3.21 } -post_2.3.2X_to_2.3.30() { - so-playbook-sigma-refresh >> /root/soup_playbook_sigma_refresh.log 2>&1 & - POSTVERSION=2.3.30 -} - -post_2.3.30_to_2.3.40() { +post_to_2.3.40() { so-playbook-sigma-refresh >> /root/soup_playbook_sigma_refresh.log 2>&1 & so-kibana-space-defaults POSTVERSION=2.3.40 } -post_2.3.5X_to_2.3.60() { +post_to_2.3.60() { + for table in identity_recovery_addresses selfservice_recovery_flows selfservice_registration_flows selfservice_verification_flows identities identity_verification_tokens identity_credentials selfservice_settings_flows identity_recovery_tokens continuity_containers identity_credential_identifiers identity_verifiable_addresses courier_messages selfservice_errors sessions selfservice_login_flows + do + echo "Forcing Kratos network migration: $table" + sqlite3 /opt/so/conf/kratos/db/db.sqlite "update $table set nid=(select id from networks limit 1);" + done + POSTVERSION=2.3.60 } +post_to_2.3.90() { + # Do Kibana dashboard things + salt-call state.apply kibana.so_savedobjects_defaults queue=True -rc1_to_rc2() { + # Create FleetDM service account + FLEET_MANAGER=$(lookup_pillar fleet_manager) + if [[ "$FLEET_MANAGER" == "True" ]]; then + FLEET_SA_EMAIL=$(lookup_pillar_secret fleet_sa_email) + FLEET_SA_PW=$(lookup_pillar_secret fleet_sa_password) + MYSQL_PW=$(lookup_pillar_secret mysql) - # Move the static file to global.sls - echo "Migrating static.sls to global.sls" - mv -v /opt/so/saltstack/local/pillar/static.sls /opt/so/saltstack/local/pillar/global.sls >> "$SOUP_LOG" 2>&1 - sed -i '1c\global:' /opt/so/saltstack/local/pillar/global.sls >> "$SOUP_LOG" 2>&1 + FLEET_HASH=$(docker exec so-soctopus python -c "import bcrypt; print(bcrypt.hashpw('$FLEET_SA_PW'.encode('utf-8'), bcrypt.gensalt()).decode('utf-8'));" 2>&1) + MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PW fleet -e \ + "INSERT INTO users (password,salt,email,name,global_role) VALUES ('$FLEET_HASH','','$FLEET_SA_EMAIL','$FLEET_SA_EMAIL','admin')" 2>&1) - # Moving baseurl from minion sls file to inside global.sls - local line=$(grep '^ url_base:' /opt/so/saltstack/local/pillar/minions/$MINIONID.sls) - sed -i '/^ url_base:/d' /opt/so/saltstack/local/pillar/minions/$MINIONID.sls; - sed -i "/^global:/a \\$line" /opt/so/saltstack/local/pillar/global.sls; + if [[ $? -eq 0 ]]; then + echo "Successfully added service account to Fleet" + else + echo "Unable to add service account to Fleet" + echo "$MYSQL_OUTPUT" + fi + fi - # Adding play values to the global.sls - local HIVEPLAYSECRET=$(get_random_value) - local CORTEXPLAYSECRET=$(get_random_value) - sed -i "/^global:/a \\ hiveplaysecret: $HIVEPLAYSECRET" /opt/so/saltstack/local/pillar/global.sls; - sed -i "/^global:/a \\ cortexplaysecret: $CORTEXPLAYSECRET" /opt/so/saltstack/local/pillar/global.sls; - - # Move storage nodes to hostname for SSL - # Get a list we can use: - grep -A1 searchnode /opt/so/saltstack/local/pillar/data/nodestab.sls | grep -v '\-\-' | sed '$!N;s/\n/ /' | awk '{print $1,$3}' | awk '/_searchnode:/{gsub(/\_searchnode:/, "_searchnode"); print}' >/tmp/nodes.txt - # Remove the nodes from cluster settings - while read p; do - local NAME=$(echo $p | awk '{print $1}') - local IP=$(echo $p | awk '{print $2}') - echo "Removing the old cross cluster config for $NAME" - curl -XPUT -H 'Content-Type: application/json' http://localhost:9200/_cluster/settings -d '{"persistent":{"cluster":{"remote":{"'$NAME'":{"skip_unavailable":null,"seeds":null}}}}}' - done > /opt/so/saltstack/local/salt/idstools/local.rules - fi - rm -rf /opt/so/saltstack/local/salt/idstools/localrules - rm -rf /opt/so/saltstack/default/salt/idstools/localrules - - # Rename mdengine to MDENGINE - sed -i "s/ zeekversion/ mdengine/g" /opt/so/saltstack/local/pillar/global.sls - # Enable Strelka Rules - sed -i "/ rules:/c\ rules: 1" /opt/so/saltstack/local/pillar/global.sls - - INSTALLEDVERSION=rc.3 + POSTVERSION=2.3.90 } -rc3_to_2.3.0() { - # Fix Tab Complete - if [ ! -f /etc/profile.d/securityonion.sh ]; then - echo "complete -cf sudo" > /etc/profile.d/securityonion.sh - fi - { - echo "redis_settings:" - echo " redis_maxmemory: 827" - echo "playbook:" - echo " api_key: de6639318502476f2fa5aa06f43f51fb389a3d7f" - } >> /opt/so/saltstack/local/pillar/global.sls - - sed -i 's/playbook:/playbook_db:/' /opt/so/saltstack/local/pillar/secrets.sls - { - echo "playbook_admin: $(get_random_value)" - echo "playbook_automation: $(get_random_value)" - } >> /opt/so/saltstack/local/pillar/secrets.sls - - INSTALLEDVERSION=2.3.0 -} - -up_2.3.0_to_2.3.20(){ +up_to_2.3.20(){ DOCKERSTUFFBIP=$(echo $DOCKERSTUFF | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 # Remove PCAP from global sed '/pcap:/d' /opt/so/saltstack/local/pillar/global.sls @@ -498,7 +502,7 @@ up_2.3.0_to_2.3.20(){ INSTALLEDVERSION=2.3.20 } -up_2.3.2X_to_2.3.30() { +up_to_2.3.30() { # Replace any curly brace scalars with the same scalar in single quotes readarray -t minion_pillars <<< "$(find /opt/so/saltstack/local/pillar/minions -type f -name '*.sls')" for pillar in "${minion_pillars[@]}"; do @@ -521,32 +525,7 @@ up_2.3.2X_to_2.3.30() { INSTALLEDVERSION=2.3.30 } -upgrade_to_2.3.50_repo() { - echo "Performing repo changes." - if [[ "$OS" == "centos" ]]; then - # Import GPG Keys - gpg_rpm_import - echo "Disabling fastestmirror." - disable_fastestmirror - echo "Deleting unneeded repo files." - DELREPOS=('CentOS-Base' 'CentOS-CR' 'CentOS-Debuginfo' 'docker-ce' 'CentOS-fasttrack' 'CentOS-Media' 'CentOS-Sources' 'CentOS-Vault' 'CentOS-x86_64-kernel' 'epel' 'epel-testing' 'saltstack' 'wazuh') - - for DELREPO in "${DELREPOS[@]}"; do - if [[ -f "/etc/yum.repos.d/$DELREPO.repo" ]]; then - echo "Deleting $DELREPO.repo" - rm -f "/etc/yum.repos.d/$DELREPO.repo" - fi - done - if [[ $is_airgap -eq 1 ]]; then - # Copy the new repo file if not airgap - cp $UPDATE_DIR/salt/repo/client/files/centos/securityonion.repo /etc/yum.repos.d/ - yum clean all - yum repolist - fi - fi -} - -up_2.3.3X_to_2.3.50() { +up_to_2.3.50() { cat < /tmp/supersed.txt /so-zeek:/ { @@ -578,6 +557,89 @@ EOF INSTALLEDVERSION=2.3.50 } +up_to_2.3.80() { + + # Remove watermark settings from global.sls + sed -i '/ cluster_routing_allocation_disk/d' /opt/so/saltstack/local/pillar/global.sls + + # Add new indices to the global + sed -i '/ index_settings:/a \\ so-elasticsearch: \n shards: 1 \n warm: 7 \n close: 30 \n delete: 365' /opt/so/saltstack/local/pillar/global.sls + sed -i '/ index_settings:/a \\ so-logstash: \n shards: 1 \n warm: 7 \n close: 30 \n delete: 365' /opt/so/saltstack/local/pillar/global.sls + sed -i '/ index_settings:/a \\ so-kibana: \n shards: 1 \n warm: 7 \n close: 30 \n delete: 365' /opt/so/saltstack/local/pillar/global.sls + sed -i '/ index_settings:/a \\ so-redis: \n shards: 1 \n warm: 7 \n close: 30 \n delete: 365' /opt/so/saltstack/local/pillar/global.sls + + # Do some pillar formatting + tc=$(grep -w true_cluster /opt/so/saltstack/local/pillar/global.sls | awk -F: {'print tolower($2)'}| xargs) + + if [[ "$tc" == "true" ]]; then + tcname=$(grep -w true_cluster_name /opt/so/saltstack/local/pillar/global.sls | awk -F: {'print $2'}) + sed -i "/^elasticsearch:/a \\ config: \n cluster: \n name: $tcname" /opt/so/saltstack/local/pillar/global.sls + sed -i '/ true_cluster_name/d' /opt/so/saltstack/local/pillar/global.sls + sed -i '/ esclustername/d' /opt/so/saltstack/local/pillar/global.sls + + for file in /opt/so/saltstack/local/pillar/minions/*.sls; do + if [[ ${file} != *"manager.sls"* ]]; then + noderoutetype=$(grep -w node_route_type $file | awk -F: {'print $2'}) + if [ -n "$noderoutetype" ]; then + sed -i "/^elasticsearch:/a \\ config: \n node: \n attr: \n box_type: $noderoutetype" $file + sed -i '/ node_route_type/d' $file + noderoutetype='' + fi + fi + done + fi + + # check for local es config to inform user that the config in local is now ignored and those options need to be placed in the pillar + if [ -f "/opt/so/saltstack/local/salt/elasticsearch/files/elasticsearch.yml" ]; then + NOTIFYCUSTOMELASTICCONFIG=true + fi + + INSTALLEDVERSION=2.3.80 +} + +up_to_2.3.90() { + for i in manager managersearch eval standalone; do + if compgen -G "/opt/so/saltstack/local/pillar/minions/*_$i.sls" > /dev/null; then + echo "soc:" >> /opt/so/saltstack/local/pillar/minions/*_$i.sls + sed -i "/^soc:/a \\ es_index_patterns: '*:so-*,*:endgame-*'" /opt/so/saltstack/local/pillar/minions/*_$i.sls + fi + done + + # Create Endgame Hostgroup + so-firewall addhostgroup endgame + + # Force influx to generate a new cert + mv /etc/pki/influxdb.crt /etc/pki/influxdb.crt.2390upgrade + mv /etc/pki/influxdb.key /etc/pki/influxdb.key.2390upgrade + + # remove old common ingest pipeline in default + rm -vf /opt/so/saltstack/default/salt/elasticsearch/files/ingest/common + # if custom common, move from local ingest to local ingest-dynamic + mkdir -vp /opt/so/saltstack/local/salt/elasticsearch/files/ingest-dynamic + if [[ -f "/opt/so/saltstack/local/salt/elasticsearch/files/ingest/common" ]]; then + mv -v /opt/so/saltstack/local/salt/elasticsearch/files/ingest/common /opt/so/saltstack/local/salt/elasticsearch/files/ingest-dynamic/common + # since json file, we need to wrap with raw + sed -i '1s/^/{{'{% raw %}'}}\n/' /opt/so/saltstack/local/salt/elasticsearch/files/ingest-dynamic/common + sed -i -e '$a{{'{% endraw %}'}}\n' /opt/so/saltstack/local/salt/elasticsearch/files/ingest-dynamic/common + fi + + # Generate FleetDM Service Account creds if they do not exist + if grep -q "fleet_sa_email" /opt/so/saltstack/local/pillar/secrets.sls; then + echo "FleetDM Service Account credentials already created..." + else + echo "Generating FleetDM Service Account credentials..." + FLEETSAPASS=$(get_random_value) + printf '%s\n'\ + " fleet_sa_email: service.account@securityonion.invalid"\ + " fleet_sa_password: $FLEETSAPASS"\ + >> /opt/so/saltstack/local/pillar/secrets.sls + + fi + + INSTALLEDVERSION=2.3.90 +} + + verify_upgradespace() { CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//') if [ "$CURRENTSPACE" -lt "10" ]; then @@ -593,7 +655,7 @@ upgrade_space() { clean_dockers if ! verify_upgradespace; then echo "There is not enough space to perform the upgrade. Please free up space and try again" - exit 1 + exit 0 fi else echo "You have enough space for upgrade. Proceeding with soup." @@ -618,8 +680,8 @@ thehive_maint() { done if [ "$THEHIVE_CONNECTED" == "yes" ]; then echo "Migrating thehive databases if needed." - curl -v -k -XPOST -L "https://localhost/thehive/api/maintenance/migrate" - curl -v -k -XPOST -L "https://localhost/cortex/api/maintenance/migrate" + curl -v -k -XPOST -L "https://localhost/thehive/api/maintenance/migrate" >> "$SOUP_LOG" 2>&1 + curl -v -k -XPOST -L "https://localhost/cortex/api/maintenance/migrate" >> "$SOUP_LOG" 2>&1 fi } @@ -719,6 +781,31 @@ upgrade_salt() { fi } +upgrade_to_2.3.50_repo() { + echo "Performing repo changes." + if [[ "$OS" == "centos" ]]; then + # Import GPG Keys + gpg_rpm_import + echo "Disabling fastestmirror." + disable_fastestmirror + echo "Deleting unneeded repo files." + DELREPOS=('CentOS-Base' 'CentOS-CR' 'CentOS-Debuginfo' 'docker-ce' 'CentOS-fasttrack' 'CentOS-Media' 'CentOS-Sources' 'CentOS-Vault' 'CentOS-x86_64-kernel' 'epel' 'epel-testing' 'saltstack' 'wazuh') + + for DELREPO in "${DELREPOS[@]}"; do + if [[ -f "/etc/yum.repos.d/$DELREPO.repo" ]]; then + echo "Deleting $DELREPO.repo" + rm -f "/etc/yum.repos.d/$DELREPO.repo" + fi + done + if [[ $is_airgap -eq 1 ]]; then + # Copy the new repo file if not airgap + cp $UPDATE_DIR/salt/repo/client/files/centos/securityonion.repo /etc/yum.repos.d/ + yum clean all + yum repolist + fi + fi +} + verify_latest_update_script() { # Check to see if the update scripts match. If not run the new one. CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}') @@ -743,39 +830,25 @@ verify_latest_update_script() { } main() { - set -e - set +e trap 'check_err $?' EXIT - echo "### Preparing soup at $(date) ###" - while getopts ":b" opt; do - case "$opt" in - b ) # process option b - shift - BATCHSIZE=$1 - if ! [[ "$BATCHSIZE" =~ ^[0-9]+$ ]]; then - echo "Batch size must be a number greater than 0." - exit 1 - fi - ;; - \? ) - echo "Usage: cmd [-b]" - ;; - esac - done + check_pillar_items + echo "Checking to see if this is an airgap install." + echo "" + check_airgap + if [[ $is_airgap -eq 0 && $UNATTENDED == true && -z $ISOLOC ]]; then + echo "Missing file argument (-f ) for unattended airgap upgrade." + exit 0 + fi echo "Checking to see if this is a manager." echo "" require_manager set_minionid - echo "Checking to see if this is an airgap install." - echo "" - check_airgap echo "Found that Security Onion $INSTALLEDVERSION is currently installed." echo "" if [[ $is_airgap -eq 0 ]]; then # Let's mount the ISO since this is airgap - echo "This is airgap. Ask for a location." airgap_mounted else echo "Cloning Security Onion github repo into $UPDATE_DIR." @@ -863,7 +936,7 @@ main() { echo "Once the issue is resolved, run soup again." echo "Exiting." echo "" - exit 1 + exit 0 else echo "Salt upgrade success." echo "" @@ -922,8 +995,6 @@ main() { set +e salt-call state.highstate -l info queue=True set -e - echo "" - echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete." echo "" echo "Stopping Salt Master to remove ACL" @@ -946,6 +1017,13 @@ main() { [[ $is_airgap -eq 0 ]] && unmount_update thehive_maint + echo "" + echo "Upgrade to $NEWVERSION complete." + + # Everything beyond this is post-upgrade checking, don't fail past this point if something here causes an error + set +e + + echo "Checking the number of minions." NUM_MINIONS=$(ls /opt/so/saltstack/local/pillar/minions/*_*.sls | wc -l) if [[ $UPGRADESALT -eq 1 ]] && [[ $NUM_MINIONS -gt 1 ]]; then if [[ $is_airgap -eq 0 ]]; then @@ -956,8 +1034,15 @@ main() { fi fi + echo "Checking for local modifications." + check_local_mods + + echo "Checking sudoers file." check_sudoers + echo "Checking for necessary user migrations." + so-user migrate + if [[ -n $lsl_msg ]]; then case $lsl_msg in 'distributed') @@ -993,10 +1078,56 @@ EOF fi fi + if [ "$NOTIFYCUSTOMELASTICCONFIG" = true ] ; then + + cat << EOF + + +A custom Elasticsearch configuration has been found at /opt/so/saltstack/local/elasticsearch/files/elasticsearch.yml. This file is no longer referenced in Security Onion versions >= 2.3.80. + +If you still need those customizations, you'll need to manually migrate them to the new Elasticsearch config as shown at https://docs.securityonion.net/en/2.3/elasticsearch.html. + +EOF + + fi + echo "### soup has been served at $(date) ###" } -cat << EOF +while getopts ":b:f:y" opt; do + case ${opt} in + b ) + BATCHSIZE="$OPTARG" + if ! [[ "$BATCHSIZE" =~ ^[1-9][0-9]*$ ]]; then + echo "Batch size must be a number greater than 0." + exit 1 + fi + ;; + y ) + if [[ ! -f /opt/so/state/yeselastic.txt ]]; then + echo "Cannot run soup in unattended mode. You must run soup manually to accept the Elastic License." + exit 1 + else + UNATTENDED=true + fi + ;; + f ) + ISOLOC="$OPTARG" + ;; + \? ) + echo "Usage: soup [-b] [-y] [-f ]" + exit 1 + ;; + : ) + echo "Invalid option: $OPTARG requires an argument" + exit 1 + ;; + esac +done +shift $((OPTIND - 1)) + +if [[ -z $UNATTENDED ]]; then + cat << EOF SOUP - Security Onion UPdater @@ -1008,7 +1139,9 @@ Press Enter to continue or Ctrl-C to cancel. EOF -read -r input + read -r input +fi +echo "### Preparing soup at $(date) ###" main "$@" | tee -a $SOUP_LOG diff --git a/salt/curator/files/action/so-aws-close.yml b/salt/curator/files/action/so-aws-close.yml new file mode 100644 index 000000000..44f0bfa97 --- /dev/null +++ b/salt/curator/files/action/so-aws-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-aws:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close aws indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-aws.*|so-aws.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-aws-delete.yml b/salt/curator/files/action/so-aws-delete.yml new file mode 100644 index 000000000..a67ee88b8 --- /dev/null +++ b/salt/curator/files/action/so-aws-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete aws indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-aws.*|so-aws.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-aws-warm.yml b/salt/curator/files/action/so-aws-warm.yml new file mode 100644 index 000000000..5369ed9a9 --- /dev/null +++ b/salt/curator/files/action/so-aws-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-aws + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-azure-close.yml b/salt/curator/files/action/so-azure-close.yml new file mode 100644 index 000000000..901b2c0ba --- /dev/null +++ b/salt/curator/files/action/so-azure-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-azure:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close azure indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-azure.*|so-azure.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-azure-delete.yml b/salt/curator/files/action/so-azure-delete.yml new file mode 100644 index 000000000..102a69d3d --- /dev/null +++ b/salt/curator/files/action/so-azure-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete azure indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-azure.*|so-azure.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-azure-warm.yml b/salt/curator/files/action/so-azure-warm.yml new file mode 100644 index 000000000..d6f606125 --- /dev/null +++ b/salt/curator/files/action/so-azure-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-azure:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-azure + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-barracuda-close.yml b/salt/curator/files/action/so-barracuda-close.yml new file mode 100644 index 000000000..496832db7 --- /dev/null +++ b/salt/curator/files/action/so-barracuda-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close barracuda indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-barracuda.*|so-barracuda.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-barracuda-delete.yml b/salt/curator/files/action/so-barracuda-delete.yml new file mode 100644 index 000000000..49d472618 --- /dev/null +++ b/salt/curator/files/action/so-barracuda-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete barracuda indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-barracuda.*|so-barracuda.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-barracuda-warm.yml b/salt/curator/files/action/so-barracuda-warm.yml new file mode 100644 index 000000000..334a4114a --- /dev/null +++ b/salt/curator/files/action/so-barracuda-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-barracuda + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-beats-delete.yml b/salt/curator/files/action/so-beats-delete.yml new file mode 100644 index 000000000..77931d661 --- /dev/null +++ b/salt/curator/files/action/so-beats-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete beats indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-beats.*|so-beats.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-beats-warm.yml b/salt/curator/files/action/so-beats-warm.yml new file mode 100644 index 000000000..da9f76656 --- /dev/null +++ b/salt/curator/files/action/so-beats-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-beats:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-beats + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-bluecoat-close.yml b/salt/curator/files/action/so-bluecoat-close.yml new file mode 100644 index 000000000..86d9277eb --- /dev/null +++ b/salt/curator/files/action/so-bluecoat-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close bluecoat indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-bluecoat.*|so-bluecoat.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-bluecoat-delete.yml b/salt/curator/files/action/so-bluecoat-delete.yml new file mode 100644 index 000000000..318624416 --- /dev/null +++ b/salt/curator/files/action/so-bluecoat-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete bluecoat indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-bluecoat.*|so-bluecoat.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-bluecoat-warm.yml b/salt/curator/files/action/so-bluecoat-warm.yml new file mode 100644 index 000000000..47a8d712f --- /dev/null +++ b/salt/curator/files/action/so-bluecoat-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-bluecoat + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-cef-close.yml b/salt/curator/files/action/so-cef-close.yml new file mode 100644 index 000000000..49e07f764 --- /dev/null +++ b/salt/curator/files/action/so-cef-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cef:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close cef indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-cef.*|so-cef.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-cef-delete.yml b/salt/curator/files/action/so-cef-delete.yml new file mode 100644 index 000000000..0ee7d6501 --- /dev/null +++ b/salt/curator/files/action/so-cef-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete cef indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-cef.*|so-cef.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-cef-warm.yml b/salt/curator/files/action/so-cef-warm.yml new file mode 100644 index 000000000..0a79fd2ba --- /dev/null +++ b/salt/curator/files/action/so-cef-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cef:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-cef + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-checkpoint-close.yml b/salt/curator/files/action/so-checkpoint-close.yml new file mode 100644 index 000000000..cffdf6473 --- /dev/null +++ b/salt/curator/files/action/so-checkpoint-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close checkpoint indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-checkpoint.*|so-checkpoint.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-checkpoint-delete.yml b/salt/curator/files/action/so-checkpoint-delete.yml new file mode 100644 index 000000000..d1ac13efe --- /dev/null +++ b/salt/curator/files/action/so-checkpoint-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete checkpoint indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-checkpoint.*|so-checkpoint.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-checkpoint-warm.yml b/salt/curator/files/action/so-checkpoint-warm.yml new file mode 100644 index 000000000..0aaec1e19 --- /dev/null +++ b/salt/curator/files/action/so-checkpoint-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-checkpoint + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-cisco-close.yml b/salt/curator/files/action/so-cisco-close.yml new file mode 100644 index 000000000..cd1faade1 --- /dev/null +++ b/salt/curator/files/action/so-cisco-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cisco:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close cisco indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-cisco.*|so-cisco.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-cisco-delete.yml b/salt/curator/files/action/so-cisco-delete.yml new file mode 100644 index 000000000..bb5e06f7f --- /dev/null +++ b/salt/curator/files/action/so-cisco-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete cisco indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-cisco.*|so-cisco.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-cisco-warm.yml b/salt/curator/files/action/so-cisco-warm.yml new file mode 100644 index 000000000..a143a95c2 --- /dev/null +++ b/salt/curator/files/action/so-cisco-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-cisco + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-cyberark-close.yml b/salt/curator/files/action/so-cyberark-close.yml new file mode 100644 index 000000000..e352e8355 --- /dev/null +++ b/salt/curator/files/action/so-cyberark-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close cyberark indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-cyberark.*|so-cyberark.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-cyberark-delete.yml b/salt/curator/files/action/so-cyberark-delete.yml new file mode 100644 index 000000000..784f6881e --- /dev/null +++ b/salt/curator/files/action/so-cyberark-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete cyberark indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-cyberark.*|so-cyberark.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-cyberark-warm.yml b/salt/curator/files/action/so-cyberark-warm.yml new file mode 100644 index 000000000..8eae0b542 --- /dev/null +++ b/salt/curator/files/action/so-cyberark-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-cyberark + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-cylance-close.yml b/salt/curator/files/action/so-cylance-close.yml new file mode 100644 index 000000000..d808569fb --- /dev/null +++ b/salt/curator/files/action/so-cylance-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-cylance:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close cylance indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-cylance.*|so-cylance.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-cylance-delete.yml b/salt/curator/files/action/so-cylance-delete.yml new file mode 100644 index 000000000..54cf3938b --- /dev/null +++ b/salt/curator/files/action/so-cylance-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete cylance indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-cylance.*|so-cylance.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-cylance-warm.yml b/salt/curator/files/action/so-cylance-warm.yml new file mode 100644 index 000000000..c9da7e68a --- /dev/null +++ b/salt/curator/files/action/so-cylance-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-cylance + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-elasticsearch-close.yml b/salt/curator/files/action/so-elasticsearch-close.yml new file mode 100644 index 000000000..3c4ff0dac --- /dev/null +++ b/salt/curator/files/action/so-elasticsearch-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close elasticsearch indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-elasticsearch.*|so-elasticsearch.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-elasticsearch-delete.yml b/salt/curator/files/action/so-elasticsearch-delete.yml new file mode 100644 index 000000000..05cc68abe --- /dev/null +++ b/salt/curator/files/action/so-elasticsearch-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete elasticsearch indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-elasticsearch.*|so-elasticsearch.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-elasticsearch-warm.yml b/salt/curator/files/action/so-elasticsearch-warm.yml new file mode 100644 index 000000000..9d82fc27b --- /dev/null +++ b/salt/curator/files/action/so-elasticsearch-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-elasticsearch + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-endgame-close.yml b/salt/curator/files/action/so-endgame-close.yml new file mode 100644 index 000000000..4c4d38341 --- /dev/null +++ b/salt/curator/files/action/so-endgame-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-endgame:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close Endgame indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-endgame.*|so-endgame.*|endgame.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-endgame-delete.yml b/salt/curator/files/action/so-endgame-delete.yml new file mode 100644 index 000000000..53d34b6d6 --- /dev/null +++ b/salt/curator/files/action/so-endgame-delete.yml @@ -0,0 +1,27 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete Endgame indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-endgame.*|so-endgame.*|endgame.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: diff --git a/salt/curator/files/action/so-endgame-warm.yml b/salt/curator/files/action/so-endgame-warm.yml new file mode 100644 index 000000000..4856a3928 --- /dev/null +++ b/salt/curator/files/action/so-endgame-warm.yml @@ -0,0 +1,23 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-endgame.*|so-endgame.*|endgame.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} diff --git a/salt/curator/files/action/so-f5-close.yml b/salt/curator/files/action/so-f5-close.yml new file mode 100644 index 000000000..e1cdb48a1 --- /dev/null +++ b/salt/curator/files/action/so-f5-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-f5:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close f5 indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-f5.*|so-f5.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-f5-delete.yml b/salt/curator/files/action/so-f5-delete.yml new file mode 100644 index 000000000..06704010a --- /dev/null +++ b/salt/curator/files/action/so-f5-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete f5 indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-f5.*|so-f5.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-f5-warm.yml b/salt/curator/files/action/so-f5-warm.yml new file mode 100644 index 000000000..12fbbe7ad --- /dev/null +++ b/salt/curator/files/action/so-f5-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-f5:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-f5 + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-firewall-delete.yml b/salt/curator/files/action/so-firewall-delete.yml new file mode 100644 index 000000000..7588de437 --- /dev/null +++ b/salt/curator/files/action/so-firewall-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete firewall indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-firewall.*|so-firewall.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-firewall-warm.yml b/salt/curator/files/action/so-firewall-warm.yml new file mode 100644 index 000000000..2e9643dc3 --- /dev/null +++ b/salt/curator/files/action/so-firewall-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-firewall + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-fortinet-close.yml b/salt/curator/files/action/so-fortinet-close.yml new file mode 100644 index 000000000..e11fb86c6 --- /dev/null +++ b/salt/curator/files/action/so-fortinet-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close fortinet indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-fortinet.*|so-fortinet.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-fortinet-delete.yml b/salt/curator/files/action/so-fortinet-delete.yml new file mode 100644 index 000000000..9379e47c2 --- /dev/null +++ b/salt/curator/files/action/so-fortinet-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete fortinet indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-fortinet.*|so-fortinet.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-fortinet-warm.yml b/salt/curator/files/action/so-fortinet-warm.yml new file mode 100644 index 000000000..db9a6f2db --- /dev/null +++ b/salt/curator/files/action/so-fortinet-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-fortinet + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-gcp-close.yml b/salt/curator/files/action/so-gcp-close.yml new file mode 100644 index 000000000..f9dd0af24 --- /dev/null +++ b/salt/curator/files/action/so-gcp-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-gcp:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close gcp indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-gcp.*|so-gcp.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-gcp-delete.yml b/salt/curator/files/action/so-gcp-delete.yml new file mode 100644 index 000000000..5c8ab33d8 --- /dev/null +++ b/salt/curator/files/action/so-gcp-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete gcp indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-gcp.*|so-gcp.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-gcp-warm.yml b/salt/curator/files/action/so-gcp-warm.yml new file mode 100644 index 000000000..3bb9eee80 --- /dev/null +++ b/salt/curator/files/action/so-gcp-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-gcp + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-google_workspace-close.yml b/salt/curator/files/action/so-google_workspace-close.yml new file mode 100644 index 000000000..1ecda5893 --- /dev/null +++ b/salt/curator/files/action/so-google_workspace-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close google_workspace indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-google_workspace.*|so-google_workspace.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-google_workspace-delete.yml b/salt/curator/files/action/so-google_workspace-delete.yml new file mode 100644 index 000000000..923feda8f --- /dev/null +++ b/salt/curator/files/action/so-google_workspace-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete google_workspace indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-google_workspace.*|so-google_workspace.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-google_workspace-warm.yml b/salt/curator/files/action/so-google_workspace-warm.yml new file mode 100644 index 000000000..7eb2d883f --- /dev/null +++ b/salt/curator/files/action/so-google_workspace-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-google_workspace + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-ids-delete.yml b/salt/curator/files/action/so-ids-delete.yml new file mode 100644 index 000000000..e5bda4e34 --- /dev/null +++ b/salt/curator/files/action/so-ids-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete IDS indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-ids.*|so-ids.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-ids-warm.yml b/salt/curator/files/action/so-ids-warm.yml new file mode 100644 index 000000000..0edad5b5b --- /dev/null +++ b/salt/curator/files/action/so-ids-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ids:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-ids + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-imperva-close.yml b/salt/curator/files/action/so-imperva-close.yml new file mode 100644 index 000000000..55ec2e472 --- /dev/null +++ b/salt/curator/files/action/so-imperva-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-imperva:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close imperva indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-imperva.*|so-imperva.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-imperva-delete.yml b/salt/curator/files/action/so-imperva-delete.yml new file mode 100644 index 000000000..b5526e2fb --- /dev/null +++ b/salt/curator/files/action/so-imperva-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete imperva indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-imperva.*|so-imperva.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-imperva-warm.yml b/salt/curator/files/action/so-imperva-warm.yml new file mode 100644 index 000000000..0297d5cd6 --- /dev/null +++ b/salt/curator/files/action/so-imperva-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-imperva + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-import-delete.yml b/salt/curator/files/action/so-import-delete.yml new file mode 100644 index 000000000..aa9808c5f --- /dev/null +++ b/salt/curator/files/action/so-import-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete import indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-import.*|so-import.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-import-warm.yml b/salt/curator/files/action/so-import-warm.yml new file mode 100644 index 000000000..3a6fa3d3d --- /dev/null +++ b/salt/curator/files/action/so-import-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-import:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-import + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-infoblox-close.yml b/salt/curator/files/action/so-infoblox-close.yml new file mode 100644 index 000000000..9fd4c5070 --- /dev/null +++ b/salt/curator/files/action/so-infoblox-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close infoblox indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-infoblox.*|so-infoblox.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-infoblox-delete.yml b/salt/curator/files/action/so-infoblox-delete.yml new file mode 100644 index 000000000..0a7fdafbe --- /dev/null +++ b/salt/curator/files/action/so-infoblox-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete infoblox indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-infoblox.*|so-infoblox.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-infoblox-warm.yml b/salt/curator/files/action/so-infoblox-warm.yml new file mode 100644 index 000000000..a2f571b7a --- /dev/null +++ b/salt/curator/files/action/so-infoblox-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-infoblox + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-juniper-close.yml b/salt/curator/files/action/so-juniper-close.yml new file mode 100644 index 000000000..466a51eca --- /dev/null +++ b/salt/curator/files/action/so-juniper-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-juniper:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close juniper indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-juniper.*|so-juniper.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-juniper-delete.yml b/salt/curator/files/action/so-juniper-delete.yml new file mode 100644 index 000000000..18abc86ac --- /dev/null +++ b/salt/curator/files/action/so-juniper-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-juniper:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete juniper indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-juniper.*|so-juniper.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-juniper-warm.yml b/salt/curator/files/action/so-juniper-warm.yml new file mode 100644 index 000000000..5369ed9a9 --- /dev/null +++ b/salt/curator/files/action/so-juniper-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-aws + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-kibana-close.yml b/salt/curator/files/action/so-kibana-close.yml new file mode 100644 index 000000000..7347fb01c --- /dev/null +++ b/salt/curator/files/action/so-kibana-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kibana:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close kibana indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-kibana.*|so-kibana.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-kibana-delete.yml b/salt/curator/files/action/so-kibana-delete.yml new file mode 100644 index 000000000..5a775b8de --- /dev/null +++ b/salt/curator/files/action/so-kibana-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete kibana indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-kibana.*|so-kibana.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-kibana-warm.yml b/salt/curator/files/action/so-kibana-warm.yml new file mode 100644 index 000000000..b5674c8c3 --- /dev/null +++ b/salt/curator/files/action/so-kibana-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-kibana + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-logstash-close.yml b/salt/curator/files/action/so-logstash-close.yml new file mode 100644 index 000000000..23787e237 --- /dev/null +++ b/salt/curator/files/action/so-logstash-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-logstash:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close logstash indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-logstash.*|so-logstash.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-logstash-delete.yml b/salt/curator/files/action/so-logstash-delete.yml new file mode 100644 index 000000000..d9ff848da --- /dev/null +++ b/salt/curator/files/action/so-logstash-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete logstash indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-logstash.*|so-logstash.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-logstash-warm.yml b/salt/curator/files/action/so-logstash-warm.yml new file mode 100644 index 000000000..826bf2975 --- /dev/null +++ b/salt/curator/files/action/so-logstash-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-logstash + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-microsoft-close.yml b/salt/curator/files/action/so-microsoft-close.yml new file mode 100644 index 000000000..f4eaf738f --- /dev/null +++ b/salt/curator/files/action/so-microsoft-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close microsoft indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-microsoft.*|so-microsoft.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-microsoft-delete.yml b/salt/curator/files/action/so-microsoft-delete.yml new file mode 100644 index 000000000..f1a854c83 --- /dev/null +++ b/salt/curator/files/action/so-microsoft-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete microsoft indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-microsoft.*|so-microsoft.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-microsoft-warm.yml b/salt/curator/files/action/so-microsoft-warm.yml new file mode 100644 index 000000000..551d0cb56 --- /dev/null +++ b/salt/curator/files/action/so-microsoft-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-microsoft + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-misp-close.yml b/salt/curator/files/action/so-misp-close.yml new file mode 100644 index 000000000..e39781353 --- /dev/null +++ b/salt/curator/files/action/so-misp-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-misp:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close misp indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-misp.*|so-misp.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-misp-delete.yml b/salt/curator/files/action/so-misp-delete.yml new file mode 100644 index 000000000..ceaa9c73d --- /dev/null +++ b/salt/curator/files/action/so-misp-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete misp indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-misp.*|so-misp.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-misp-warm.yml b/salt/curator/files/action/so-misp-warm.yml new file mode 100644 index 000000000..af29975b0 --- /dev/null +++ b/salt/curator/files/action/so-misp-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-misp:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-misp + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-netflow-close.yml b/salt/curator/files/action/so-netflow-close.yml new file mode 100644 index 000000000..cc9ade28d --- /dev/null +++ b/salt/curator/files/action/so-netflow-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netflow:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close netflow indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-netflow.*|so-netflow.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-netflow-delete.yml b/salt/curator/files/action/so-netflow-delete.yml new file mode 100644 index 000000000..5bc76ad15 --- /dev/null +++ b/salt/curator/files/action/so-netflow-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete netflow indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-netflow.*|so-netflow.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-netflow-warm.yml b/salt/curator/files/action/so-netflow-warm.yml new file mode 100644 index 000000000..ea57bb72b --- /dev/null +++ b/salt/curator/files/action/so-netflow-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-netflow + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-netscout-close.yml b/salt/curator/files/action/so-netscout-close.yml new file mode 100644 index 000000000..d99374d2f --- /dev/null +++ b/salt/curator/files/action/so-netscout-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-netscout:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close netscout indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-netscout.*|so-netscout.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-netscout-delete.yml b/salt/curator/files/action/so-netscout-delete.yml new file mode 100644 index 000000000..3c0e249b5 --- /dev/null +++ b/salt/curator/files/action/so-netscout-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete netscout indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-netscout.*|so-netscout.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-netscout-warm.yml b/salt/curator/files/action/so-netscout-warm.yml new file mode 100644 index 000000000..1b93c3118 --- /dev/null +++ b/salt/curator/files/action/so-netscout-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-netscout + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-o365-close.yml b/salt/curator/files/action/so-o365-close.yml new file mode 100644 index 000000000..4dece060f --- /dev/null +++ b/salt/curator/files/action/so-o365-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-o365:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close o365 indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-o365.*|so-o365.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-o365-delete.yml b/salt/curator/files/action/so-o365-delete.yml new file mode 100644 index 000000000..13c7c1344 --- /dev/null +++ b/salt/curator/files/action/so-o365-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete o365 indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-o365.*|so-o365.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-o365-warm.yml b/salt/curator/files/action/so-o365-warm.yml new file mode 100644 index 000000000..cbb7bc24e --- /dev/null +++ b/salt/curator/files/action/so-o365-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-o365:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-o365 + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-okta-close.yml b/salt/curator/files/action/so-okta-close.yml new file mode 100644 index 000000000..10f7e4b60 --- /dev/null +++ b/salt/curator/files/action/so-okta-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-okta:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close okta indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-okta.*|so-okta.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-okta-warm.yml b/salt/curator/files/action/so-okta-warm.yml new file mode 100644 index 000000000..75764860d --- /dev/null +++ b/salt/curator/files/action/so-okta-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-okta + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-okta.delete.yml b/salt/curator/files/action/so-okta.delete.yml new file mode 100644 index 000000000..1beeb0fc0 --- /dev/null +++ b/salt/curator/files/action/so-okta.delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-okta:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete okta indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-okta.*|so-okta.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-osquery-delete.yml b/salt/curator/files/action/so-osquery-delete.yml new file mode 100644 index 000000000..d77b1b3d1 --- /dev/null +++ b/salt/curator/files/action/so-osquery-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete import indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-osquery.*|so-osquery.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-osquery-warm.yml b/salt/curator/files/action/so-osquery-warm.yml new file mode 100644 index 000000000..156a83c7a --- /dev/null +++ b/salt/curator/files/action/so-osquery-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-osquery + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-ossec-delete.yml b/salt/curator/files/action/so-ossec-delete.yml new file mode 100644 index 000000000..7aea13e41 --- /dev/null +++ b/salt/curator/files/action/so-ossec-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete ossec indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-ossec.*|so-ossec.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-ossec-warm.yml b/salt/curator/files/action/so-ossec-warm.yml new file mode 100644 index 000000000..769d6cbea --- /dev/null +++ b/salt/curator/files/action/so-ossec-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-ossec + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-proofpoint-close.yml b/salt/curator/files/action/so-proofpoint-close.yml new file mode 100644 index 000000000..888c9fc64 --- /dev/null +++ b/salt/curator/files/action/so-proofpoint-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close proofpoint indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-proofpoint.*|so-proofpoint.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-proofpoint-delete.yml b/salt/curator/files/action/so-proofpoint-delete.yml new file mode 100644 index 000000000..903dde204 --- /dev/null +++ b/salt/curator/files/action/so-proofpoint-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete proofpoint indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-proofpoint.*|so-proofpoint.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-proofpoint-warm.yml b/salt/curator/files/action/so-proofpoint-warm.yml new file mode 100644 index 000000000..8304ae41a --- /dev/null +++ b/salt/curator/files/action/so-proofpoint-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-proofpoint + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-radware-close.yml b/salt/curator/files/action/so-radware-close.yml new file mode 100644 index 000000000..59a7bbafd --- /dev/null +++ b/salt/curator/files/action/so-radware-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-radware:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close radware indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-radware.*|so-radware.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-radware-delete.yml b/salt/curator/files/action/so-radware-delete.yml new file mode 100644 index 000000000..1fe09cded --- /dev/null +++ b/salt/curator/files/action/so-radware-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-radware:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete radware indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-radware.*|so-radware.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-radware-warm.yml b/salt/curator/files/action/so-radware-warm.yml new file mode 100644 index 000000000..8d4337aaf --- /dev/null +++ b/salt/curator/files/action/so-radware-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-radware:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-radware + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-redis-close.yml b/salt/curator/files/action/so-redis-close.yml new file mode 100644 index 000000000..b69935f21 --- /dev/null +++ b/salt/curator/files/action/so-redis-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-redis:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close redis indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-redis.*|so-redis.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-redis-delete.yml b/salt/curator/files/action/so-redis-delete.yml new file mode 100644 index 000000000..f6e73dce8 --- /dev/null +++ b/salt/curator/files/action/so-redis-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-redis:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete redis indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-redis.*|so-redis.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-redis-warm.yml b/salt/curator/files/action/so-redis-warm.yml new file mode 100644 index 000000000..a5b1055c3 --- /dev/null +++ b/salt/curator/files/action/so-redis-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-redis:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-redis + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-snort-close.yml b/salt/curator/files/action/so-snort-close.yml new file mode 100644 index 000000000..8f6209255 --- /dev/null +++ b/salt/curator/files/action/so-snort-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-snort:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close snort indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-snort.*|so-snort.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-snort-delete.yml b/salt/curator/files/action/so-snort-delete.yml new file mode 100644 index 000000000..50f68988b --- /dev/null +++ b/salt/curator/files/action/so-snort-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snort:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete snort indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-snort.*|so-snort.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-snort-warm.yml b/salt/curator/files/action/so-snort-warm.yml new file mode 100644 index 000000000..3bbc977e2 --- /dev/null +++ b/salt/curator/files/action/so-snort-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snort:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-snort + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-snyk-close.yml b/salt/curator/files/action/so-snyk-close.yml new file mode 100644 index 000000000..e13d8f98d --- /dev/null +++ b/salt/curator/files/action/so-snyk-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-snyk:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close snyk indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-snyk.*|so-snyk.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-snyk-delete.yml b/salt/curator/files/action/so-snyk-delete.yml new file mode 100644 index 000000000..cec0b942f --- /dev/null +++ b/salt/curator/files/action/so-snyk-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete snyk indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-snyk.*|so-snyk.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-snyk-warm.yml b/salt/curator/files/action/so-snyk-warm.yml new file mode 100644 index 000000000..f9b10bbdd --- /dev/null +++ b/salt/curator/files/action/so-snyk-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-snyk + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-sonicwall-close.yml b/salt/curator/files/action/so-sonicwall-close.yml new file mode 100644 index 000000000..9cc23d3af --- /dev/null +++ b/salt/curator/files/action/so-sonicwall-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close sonicwall indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-sonicwall.*|so-sonicwall.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-sonicwall-delete.yml b/salt/curator/files/action/so-sonicwall-delete.yml new file mode 100644 index 000000000..c7d38361f --- /dev/null +++ b/salt/curator/files/action/so-sonicwall-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete sonicwall indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-sonicwall.*|so-sonicwall.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-sonicwall-warm.yml b/salt/curator/files/action/so-sonicwall-warm.yml new file mode 100644 index 000000000..fa8ceb3e4 --- /dev/null +++ b/salt/curator/files/action/so-sonicwall-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-sonicwall + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-sophos-close.yml b/salt/curator/files/action/so-sophos-close.yml new file mode 100644 index 000000000..b7574b996 --- /dev/null +++ b/salt/curator/files/action/so-sophos-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-sophos:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close sophos indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-sophos.*|so-sophos.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-sophos-delete.yml b/salt/curator/files/action/so-sophos-delete.yml new file mode 100644 index 000000000..433df908a --- /dev/null +++ b/salt/curator/files/action/so-sophos-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete sophos indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-sophos.*|so-sophos.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-sophos-warm.yml b/salt/curator/files/action/so-sophos-warm.yml new file mode 100644 index 000000000..40cc60084 --- /dev/null +++ b/salt/curator/files/action/so-sophos-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-sophos + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-strelka-delete.yml b/salt/curator/files/action/so-strelka-delete.yml new file mode 100644 index 000000000..3487aeb6d --- /dev/null +++ b/salt/curator/files/action/so-strelka-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete Strelka indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-strelka.*|so-strelka.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-strelka-warm.yml b/salt/curator/files/action/so-strelka-warm.yml new file mode 100644 index 000000000..cfa88b0c1 --- /dev/null +++ b/salt/curator/files/action/so-strelka-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-strelka + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-syslog-delete.yml b/salt/curator/files/action/so-syslog-delete.yml new file mode 100644 index 000000000..5fe7417ad --- /dev/null +++ b/salt/curator/files/action/so-syslog-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete syslog indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-syslog.*|so-syslog.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-syslog-warm.yml b/salt/curator/files/action/so-syslog-warm.yml new file mode 100644 index 000000000..e5ebb2fa6 --- /dev/null +++ b/salt/curator/files/action/so-syslog-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-syslog + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-tomcat-close.yml b/salt/curator/files/action/so-tomcat-close.yml new file mode 100644 index 000000000..ea0d95b0a --- /dev/null +++ b/salt/curator/files/action/so-tomcat-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close tomcat indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-tomcat.*|so-tomcat.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-tomcat-delete.yml b/salt/curator/files/action/so-tomcat-delete.yml new file mode 100644 index 000000000..77035613f --- /dev/null +++ b/salt/curator/files/action/so-tomcat-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete tomcat indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-tomcat.*|so-tomcat.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-tomcat-warm.yml b/salt/curator/files/action/so-tomcat-warm.yml new file mode 100644 index 000000000..8fb7884c0 --- /dev/null +++ b/salt/curator/files/action/so-tomcat-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-tomcat + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-zeek-delete.yml b/salt/curator/files/action/so-zeek-delete.yml new file mode 100644 index 000000000..0694c2aed --- /dev/null +++ b/salt/curator/files/action/so-zeek-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete Zeek indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-zeek.*|so-zeek.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-zeek-warm.yml b/salt/curator/files/action/so-zeek-warm.yml new file mode 100644 index 000000000..2b4b6a729 --- /dev/null +++ b/salt/curator/files/action/so-zeek-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-zeek + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/so-zscaler-close.yml b/salt/curator/files/action/so-zscaler-close.yml new file mode 100644 index 000000000..5a008a27d --- /dev/null +++ b/salt/curator/files/action/so-zscaler-close.yml @@ -0,0 +1,29 @@ +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:close', 30) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: close + description: >- + Close zscaler indices older than {{cur_close_days}} days. + options: + delete_aliases: False + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-zscaler.*|so-zscaler.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{cur_close_days}} + exclude: diff --git a/salt/curator/files/action/so-zscaler-delete.yml b/salt/curator/files/action/so-zscaler-delete.yml new file mode 100644 index 000000000..238fea083 --- /dev/null +++ b/salt/curator/files/action/so-zscaler-delete.yml @@ -0,0 +1,29 @@ +{%- set DELETE_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:delete', 365) -%} +--- +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete zscaler indices when older than {{ DELETE_DAYS }} days. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: regex + value: '^(logstash-zscaler.*|so-zscaler.*)$' + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ DELETE_DAYS }} + exclude: + + \ No newline at end of file diff --git a/salt/curator/files/action/so-zscaler-warm.yml b/salt/curator/files/action/so-zscaler-warm.yml new file mode 100644 index 000000000..8a7d8187a --- /dev/null +++ b/salt/curator/files/action/so-zscaler-warm.yml @@ -0,0 +1,24 @@ +{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:warm', 7) -%} +actions: + 1: + action: allocation + description: "Apply shard allocation filtering rules to the specified indices" + options: + key: box_type + value: warm + allocation_type: require + wait_for_completion: true + timeout_override: + continue_if_exception: false + disable_action: false + filters: + - filtertype: pattern + kind: prefix + value: so-zscaler + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: {{ WARM_DAYS }} + diff --git a/salt/curator/files/action/warm.yml b/salt/curator/files/action/warm.yml deleted file mode 100644 index efa2196b2..000000000 --- a/salt/curator/files/action/warm.yml +++ /dev/null @@ -1,23 +0,0 @@ -#actions: -# 1: -# action: allocation -# description: "Apply shard allocation filtering rules to the specified indices" -# options: -# key: box_type -# value: warm -# allocation_type: require -# wait_for_completion: true -# timeout_override: -# continue_if_exception: false -# disable_action: false -# filters: -# - filtertype: pattern -# kind: prefix -# value: so- -# - filtertype: age -# source: name -# direction: older -# timestring: '%Y.%m.%d' -# unit: days -# unit_count: 3 - diff --git a/salt/curator/files/bin/so-curator-close b/salt/curator/files/bin/so-curator-close index 6f7b96790..c1e940b4d 100644 --- a/salt/curator/files/bin/so-curator-close +++ b/salt/curator/files/bin/so-curator-close @@ -23,5 +23,22 @@ read lastPID < $lf # if lastPID is not null and a process with that pid exists , exit [ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit echo $$ > $lf +{% from 'filebeat/map.jinja' import THIRDPARTY with context %} +{% from 'filebeat/map.jinja' import SO with context %} -/usr/sbin/so-curator-closed-delete > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1 +/usr/sbin/so-curator-closed-delete > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1; +{% for INDEX in THIRDPARTY.modules.keys() -%} +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-close.yml > /dev/null 2>&1; +{% endfor -%} +{% for INDEX in SO.modules.keys() -%} +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-close.yml > /dev/null 2>&1{% if not loop.last %};{% endif %} +{% endfor -%} diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index 7dd7b82e7..9730b72fb 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -4,7 +4,7 @@ {%- if grains['role'] in ['so-node', 'so-heavynode'] %} {%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- set ELASTICSEARCH_PORT = salt['pillar.get']('elasticsearch:es_port', '') -%} -{%- elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %} +{%- elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone', 'so-manager'] %} {%- set ELASTICSEARCH_HOST = salt['pillar.get']('manager:mainip', '') -%} {%- set ELASTICSEARCH_PORT = salt['pillar.get']('manager:es_port', '') -%} {%- endif -%} diff --git a/salt/curator/files/bin/so-curator-cluster-close b/salt/curator/files/bin/so-curator-cluster-close new file mode 100644 index 000000000..7b8c41c9e --- /dev/null +++ b/salt/curator/files/bin/so-curator-cluster-close @@ -0,0 +1,44 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +APP=close +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + +{% from 'filebeat/map.jinja' import THIRDPARTY with context %} +{% from 'filebeat/map.jinja' import SO with context %} + +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1; +{% for INDEX in THIRDPARTY.modules.keys() -%} +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-close.yml > /dev/null 2>&1; +{% endfor -%} +{% for INDEX in SO.modules.keys() -%} +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-close.yml > /dev/null 2>&1{% if not loop.last %};{% endif %} +{% endfor -%} \ No newline at end of file diff --git a/salt/curator/files/bin/so-curator-cluster-delete b/salt/curator/files/bin/so-curator-cluster-delete new file mode 100644 index 000000000..21195da5d --- /dev/null +++ b/salt/curator/files/bin/so-curator-cluster-delete @@ -0,0 +1,44 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +APP=delete +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + +{% from 'filebeat/map.jinja' import THIRDPARTY with context %} +{% from 'filebeat/map.jinja' import SO with context %} + +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-delete.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-delete.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-delete.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-delete.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-delete.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-delete.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-delete.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-delete.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-delete.yml > /dev/null 2>&1; +{% for INDEX in THIRDPARTY.modules.keys() -%} +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-delete.yml > /dev/null 2>&1; +{% endfor -%} +{% for INDEX in SO.modules.keys() -%} +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-delete.yml > /dev/null 2>&1{% if not loop.last %};{% endif %} +{% endfor -%} \ No newline at end of file diff --git a/salt/curator/files/bin/so-curator-cluster-warm b/salt/curator/files/bin/so-curator-cluster-warm new file mode 100644 index 000000000..4348ba2e3 --- /dev/null +++ b/salt/curator/files/bin/so-curator-cluster-warm @@ -0,0 +1,44 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +APP=warm +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + +{% from 'filebeat/map.jinja' import THIRDPARTY with context %} +{% from 'filebeat/map.jinja' import SO with context %} + +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-warm.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-warm.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-warm.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-warm.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-warm.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-warm.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-warm.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-warm.yml > /dev/null 2>&1; +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-warm.yml > /dev/null 2>&1; +{% for INDEX in THIRDPARTY.modules.keys() -%} +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-warm.yml > /dev/null 2>&1; +{% endfor -%} +{% for INDEX in SO.modules.keys() -%} +docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-warm.yml > /dev/null 2>&1{% if not loop.last %};{% endif %} +{% endfor -%} \ No newline at end of file diff --git a/salt/curator/files/curator.yml b/salt/curator/files/curator.yml index bdde14fc1..5ec4bdc5f 100644 --- a/salt/curator/files/curator.yml +++ b/salt/curator/files/curator.yml @@ -1,6 +1,6 @@ {% if grains['role'] in ['so-node', 'so-heavynode'] %} {%- set elasticsearch = salt['pillar.get']('elasticsearch:mainip', '') -%} -{% elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %} +{% elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone', 'so-manager'] %} {%- set elasticsearch = salt['pillar.get']('manager:mainip', '') -%} {%- endif %} {%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} @@ -18,17 +18,16 @@ client: hosts: - {{elasticsearch}} port: 9200 -{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} +{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} username: {{ ES_USER }} password: {{ ES_PASS }} -{% endif %} +{%- endif %} url_prefix: use_ssl: True certificate: client_cert: client_key: ssl_no_validate: True - http_auth: timeout: 30 master_only: False diff --git a/salt/curator/init.sls b/salt/curator/init.sls index 48a10b4b8..c604571ba 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -4,8 +4,13 @@ {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} -{% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone'] %} +{% set REMOVECURATORCRON = False %} +{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} +{% set HOTWARM = salt['pillar.get']('elasticsearch:hot_warm_enabled', False) %} + +{% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone', 'so-manager'] %} {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} + {% from "curator/map.jinja" import CURATOROPTIONS with context %} # Curator # Create the group curatorgroup: @@ -78,6 +83,7 @@ curclose: - user: 934 - group: 939 - mode: 755 + - template: jinja curdel: file.managed: @@ -87,39 +93,38 @@ curdel: - group: 939 - mode: 755 -so-curatorcloseddeletecron: - cron.present: - - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1 - - user: root - - minute: '*' - - hour: '*' - - daymonth: '*' - - month: '*' - - dayweek: '*' +curclusterclose: + file.managed: + - name: /usr/sbin/so-curator-cluster-close + - source: salt://curator/files/bin/so-curator-cluster-close + - user: 934 + - group: 939 + - mode: 755 + - template: jinja -so-curatorclosecron: - cron.present: - - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1 - - user: root - - minute: '*' - - hour: '*' - - daymonth: '*' - - month: '*' - - dayweek: '*' +curclusterdelete: + file.managed: + - name: /usr/sbin/so-curator-cluster-delete + - source: salt://curator/files/bin/so-curator-cluster-delete + - user: 934 + - group: 939 + - mode: 755 + - template: jinja -so-curatordeletecron: - cron.present: - - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1 - - user: root - - minute: '*' - - hour: '*' - - daymonth: '*' - - month: '*' - - dayweek: '*' +curclustercwarm: + file.managed: + - name: /usr/sbin/so-curator-cluster-warm + - source: salt://curator/files/bin/so-curator-cluster-warm + - user: 934 + - group: 939 + - mode: 755 + - template: jinja so-curator: - docker_container.running: + docker_container.{{ CURATOROPTIONS.status }}: + {% if CURATOROPTIONS.status == 'running' %} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-curator:{{ VERSION }} + - start: {{ CURATOROPTIONS.start }} - hostname: curator - name: so-curator - user: curator @@ -129,20 +134,132 @@ so-curator: - /opt/so/conf/curator/curator.yml:/etc/curator/config/curator.yml:ro - /opt/so/conf/curator/action/:/etc/curator/action:ro - /opt/so/log/curator:/var/log/curator:rw + - require: + - file: actionconfs + - file: curconf + - file: curlogdir + {% else %} + - force: True + {% endif %} + {% if CURATOROPTIONS.manage_sostatus %} append_so-curator_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - text: so-curator + - unless: grep -q so-curator /opt/so/conf/so-status/so-status.conf -# Begin Curator Cron Jobs + {% if not CURATOROPTIONS.start %} +so-curator_so-status.disabled: + file.comment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-curator$ -# Close -# Delete -# Hot Warm -# Segment Merge + # need to remove cronjobs here since curator is disabled + {% set REMOVECURATORCRON = True %} + {% else %} +delete_so-curator_so-status.disabled: + file.uncomment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-curator$ -# End Curator Cron Jobs + {% endif %} + + {% else %} +delete_so-curator_so-status: + file.line: + - name: /opt/so/conf/so-status/so-status.conf + - match: ^so-curator$ + - mode: delete + + # need to remove cronjobs here since curator is disabled + {% set REMOVECURATORCRON = True %} + + {% endif %} + + {% if REMOVECURATORCRON %} +so-curatorcloseddeletecron: + cron.absent: + - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1 + - user: root + +so-curatorclosecron: + cron.absent: + - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1 + - user: root + +so-curatordeletecron: + cron.absent: + - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1 + - user: root + + {% else %} + + {% if TRUECLUSTER is sameas true %} +so-curatorclusterclose: + cron.present: + - name: /usr/sbin/so-curator-cluster-close > /opt/so/log/curator/cron-close.log 2>&1 + - user: root + - minute: '2' + - hour: '*/1' + - daymonth: '*' + - month: '*' + - dayweek: '*' + +so-curatorclusterdelete: + cron.present: + - name: /usr/sbin/so-curator-cluster-delete > /opt/so/log/curator/cron-delete.log 2>&1 + - user: root + - minute: '2' + - hour: '*/1' + - daymonth: '*' + - month: '*' + - dayweek: '*' + {% if HOTWARM is sameas true %} +so-curatorclusterwarm: + cron.present: + - name: /usr/sbin/so-curator-cluster-warm > /opt/so/log/curator/cron-warm.log 2>&1 + - user: root + - minute: '2' + - hour: '*/1' + - daymonth: '*' + - month: '*' + - dayweek: '*' + {% endif %} + + {% else %} +so-curatorcloseddeletecron: + cron.present: + - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1 + - user: root + - minute: '*/5' + - hour: '*' + - daymonth: '*' + - month: '*' + - dayweek: '*' + +so-curatorclosecron: + cron.present: + - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1 + - user: root + - minute: '*/5' + - hour: '*' + - daymonth: '*' + - month: '*' + - dayweek: '*' + +so-curatordeletecron: + cron.present: + - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1 + - user: root + - minute: '*/5' + - hour: '*' + - daymonth: '*' + - month: '*' + - dayweek: '*' + + {% endif %} + {% endif %} {% endif %} {% else %} diff --git a/salt/curator/map.jinja b/salt/curator/map.jinja new file mode 100644 index 000000000..bbcff2a9c --- /dev/null +++ b/salt/curator/map.jinja @@ -0,0 +1,16 @@ +{% set CURATOROPTIONS = {} %} +{% set ENABLED = salt['pillar.get']('curator:enabled', True) %} +{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} +{% do CURATOROPTIONS.update({'manage_sostatus': True}) %} + +# don't start the docker container if curator is disabled via pillar +{% if not ENABLED or (TRUECLUSTER and grains.id.split('_')|last == 'searchnode') or (not TRUECLUSTER and grains.id.split('_')|last == 'manager') %} + {% do CURATOROPTIONS.update({'start': False}) %} + {% do CURATOROPTIONS.update({'status': 'absent'}) %} + {% if (TRUECLUSTER and grains.id.split('_')|last == 'searchnode') or (not TRUECLUSTER and grains.id.split('_')|last == 'manager') %} + {% do CURATOROPTIONS.update({'manage_sostatus': False}) %} + {% endif %} +{% else %} + {% do CURATOROPTIONS.update({'start': True}) %} + {% do CURATOROPTIONS.update({'status': 'running'}) %} +{% endif %} diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls index 72ccf2f76..e2167d161 100644 --- a/salt/domainstats/init.sls +++ b/salt/domainstats/init.sls @@ -45,14 +45,15 @@ so-domainstatsimage: so-domainstats: docker_container.running: - - require: - - so-domainstatsimage - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-domainstats:{{ VERSION }} - hostname: domainstats - name: so-domainstats - user: domainstats - binds: - /opt/so/log/domainstats:/var/log/domain_stats + - require: + - file: dstatslogdir + - cmd: so-domainstatsimage append_so-domainstats_so-status.conf: file.append: @@ -65,4 +66,4 @@ append_so-domainstats_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index f3f4af3f9..f94e0c1d0 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls @@ -111,17 +111,21 @@ so-elastalert: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elastalert:{{ VERSION }} - hostname: elastalert - name: so-elastalert - - user: elastalert + - user: so-elastalert - detach: True - binds: - /opt/so/rules/elastalert:/opt/elastalert/rules/:ro - /opt/so/log/elastalert:/var/log/elastalert:rw - /opt/so/conf/elastalert/modules/:/opt/elastalert/modules/:ro - - /opt/so/conf/elastalert/elastalert_config.yaml:/opt/config/elastalert_config.yaml:ro + - /opt/so/conf/elastalert/elastalert_config.yaml:/opt/elastalert/config.yaml:ro - extra_hosts: - {{MANAGER_URL}}:{{MANAGER_IP}} - require: - cmd: wait_for_elasticsearch + - file: elastarules + - file: elastalogdir + - file: elastacustmodulesdir + - file: elastaconf - watch: - file: elastaconf diff --git a/salt/elasticsearch/auth.sls b/salt/elasticsearch/auth.sls index 373f2fbed..66e1826ba 100644 --- a/salt/elasticsearch/auth.sls +++ b/salt/elasticsearch/auth.sls @@ -1,8 +1,12 @@ -{% set so_elastic_user_pass = salt['random.get_str'](20) %} -{% set so_kibana_user_pass = salt['random.get_str'](20) %} -{% set so_logstash_user_pass = salt['random.get_str'](20) %} -{% set so_beats_user_pass = salt['random.get_str'](20) %} -{% set so_monitor_user_pass = salt['random.get_str'](20) %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + + {% set so_elastic_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', salt['random.get_str'](72)) %} + {% set so_kibana_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass', salt['random.get_str'](72)) %} + {% set so_logstash_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', salt['random.get_str'](72)) %} + {% set so_beats_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_beats_user:pass', salt['random.get_str'](72)) %} + {% set so_monitor_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_monitor_user:pass', salt['random.get_str'](72)) %} + {% set auth_enabled = salt['pillar.get']('elasticsearch:auth:enabled', False) %} elastic_auth_pillar: file.managed: @@ -12,7 +16,7 @@ elastic_auth_pillar: - contents: | elasticsearch: auth: - enabled: False + enabled: {{ auth_enabled }} users: so_elastic_user: user: so_elastic @@ -29,11 +33,11 @@ elastic_auth_pillar: so_monitor_user: user: so_monitor pass: {{ so_monitor_user_pass }} - # since we are generating a random password, and we don't want that to happen everytime - # a highstate runs, we only manage the file each user isn't present in the file. if the - # pillar file doesn't exists, then the default vault provided to pillar.get should not - # be within the file either, so it should then be created - - unless: - {% for so_app_user, values in salt['pillar.get']('elasticsearch:auth:users', {'so_noapp_user': {'user': 'r@NDumu53Rd0NtDOoP'}}).items() %} - - grep {{ values.user }} /opt/so/saltstack/local/pillar/elasticsearch/auth.sls - {% endfor%} + - show_changes: False +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} diff --git a/salt/elasticsearch/config.map.jinja b/salt/elasticsearch/config.map.jinja new file mode 100644 index 000000000..914bda434 --- /dev/null +++ b/salt/elasticsearch/config.map.jinja @@ -0,0 +1,36 @@ +{% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %} +{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %} + +{% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %} + {% do ESCONFIG.elasticsearch.config.xpack.security.authc.anonymous.update({'username': 'anonymous_user', 'roles': 'superuser', 'authz_exception': 'true'}) %} +{% endif %} + +{% if salt['pillar.get']('elasticsearch:true_cluster', False) %} + {% if grains.id.split('_') | last in ['manager','managersearch'] %} + {% if salt['pillar.get']('nodestab', {}) %} + {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %} + {% if HIGHLANDER %} + {% do ESCONFIG.elasticsearch.config.node.roles.append('ml') %} + {% endif %} + {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %} + {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + {% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(SN.split('_')|first) %} + {% endfor %} + {% endif %} + {% if grains.id.split('_') | last == 'manager' %} + {% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': ''}) %} + {% endif %} + {% else %} + {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['data', 'ingest']}) %} + {% if HIGHLANDER %} + {% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'master']) %} + {% endif %} + {% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': 'hot'}) %} + {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %} + {% endif %} + {% if HIGHLANDER %} + {% do ESCONFIG.elasticsearch.config.xpack.ml.update({'enabled': true}) %} + {% endif %} +{% endif %} + +{% set ESCONFIG = salt['pillar.get']('elasticsearch:config', default=ESCONFIG.elasticsearch.config, merge=True) %} diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml new file mode 100644 index 000000000..e119fb62d --- /dev/null +++ b/salt/elasticsearch/defaults.yaml @@ -0,0 +1,62 @@ +elasticsearch: + config: + node: + name: {{ grains.host }} + attr: + box_type: hot + cluster: + name: {{ grains.host }} + routing: + allocation: + disk: + threshold_enabled: true + watermark: + low: 95% + high: 98% + flood_stage: 98% + network: + host: 0.0.0.0 + path: + logs: /var/log/elasticsearch + action: + destructive_requires_name: true + transport: + bind_host: 0.0.0.0 + publish_host: {{ grains.host }} + publish_port: 9300 + xpack: + ml: + enabled: false + security: + enabled: true + authc: + anonymous: + authz_exception: true + roles: [] + username: _anonymous + transport: + ssl: + enabled: true + verification_mode: none + key: /usr/share/elasticsearch/config/elasticsearch.key + certificate: /usr/share/elasticsearch/config/elasticsearch.crt + certificate_authorities: + - /usr/share/elasticsearch/config/ca.crt + http: + ssl: + enabled: true + client_authentication: none + key: /usr/share/elasticsearch/config/elasticsearch.key + certificate: /usr/share/elasticsearch/config/elasticsearch.crt + certificate_authorities: + - /usr/share/elasticsearch/config/ca.crt + script: + max_compilations_rate: 20000/1m + indices: + query: + bool: + max_clause_count: 1500 + + + + diff --git a/salt/elasticsearch/files/elasticsearch.yaml.jinja b/salt/elasticsearch/files/elasticsearch.yaml.jinja new file mode 100644 index 000000000..caf13173f --- /dev/null +++ b/salt/elasticsearch/files/elasticsearch.yaml.jinja @@ -0,0 +1 @@ +{{ ESCONFIG | yaml(False) }} diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml deleted file mode 100644 index bf5e7e2b4..000000000 --- a/salt/elasticsearch/files/elasticsearch.yml +++ /dev/null @@ -1,62 +0,0 @@ -{%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %} -{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip') %} -{%- set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} -{%- if TRUECLUSTER is sameas true %} - {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name') %} -{%- else %} - {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername') %} -{%- endif %} -{%- set NODE_ROLES = salt['pillar.get']('elasticsearch:node_roles', ['data', 'ingest']) %} -cluster.name: "{{ ESCLUSTERNAME }}" -network.host: 0.0.0.0 -path.logs: /var/log/elasticsearch -action.destructive_requires_name: true -transport.bind_host: 0.0.0.0 -transport.publish_host: {{ grains.host }} -transport.publish_port: 9300 -cluster.routing.allocation.disk.threshold_enabled: true -cluster.routing.allocation.disk.watermark.low: 95% -cluster.routing.allocation.disk.watermark.high: 98% -cluster.routing.allocation.disk.watermark.flood_stage: 98% -xpack.ml.enabled: false -xpack.security.enabled: true -xpack.security.transport.ssl.enabled: true -xpack.security.transport.ssl.verification_mode: none -xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key -xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt -xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ] -xpack.security.http.ssl.enabled: true -xpack.security.http.ssl.client_authentication: none -xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key -xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt -xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt -{% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %} -xpack.security.authc: - anonymous: - username: anonymous_user - roles: superuser - authz_exception: true -{% endif %} -node.name: {{ grains.host }} -script.max_compilations_rate: 20000/1m -{%- if TRUECLUSTER is sameas true %} - {%- if grains.role == 'so-manager' %} - {%- if salt['pillar.get']('nodestab', {}) %} -node.roles: [ master, data, remote_cluster_client ] -discovery.seed_hosts: - - {{ grains.master }} - {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - - {{ SN.split('_')|first }} - {%- endfor %} - {%- endif %} - {%- else %} -node.roles: {{ NODE_ROLES }} -node.attr.box_type: {{ NODE_ROUTE_TYPE }} -discovery.seed_hosts: - - {{ grains.master }} - {%- endif %} -{%- endif %} -{%- if TRUECLUSTER is sameas false %} -node.attr.box_type: {{ NODE_ROUTE_TYPE }} -{%- endif %} -indices.query.bool.max_clause_count: 1500 diff --git a/salt/elasticsearch/files/ingest/common b/salt/elasticsearch/files/ingest-dynamic/common similarity index 77% rename from salt/elasticsearch/files/ingest/common rename to salt/elasticsearch/files/ingest-dynamic/common index e8e462053..bdf6513fe 100644 --- a/salt/elasticsearch/files/ingest/common +++ b/salt/elasticsearch/files/ingest-dynamic/common @@ -1,3 +1,5 @@ +{%- set HIGHLANDER = salt['pillar.get']('global:highlander', False) -%} +{%- raw -%} { "description" : "common", "processors" : [ @@ -21,6 +23,26 @@ "properties": ["ip", "country_iso_code", "country_name", "continent_name", "region_iso_code", "region_name", "city_name", "timezone", "location"] } }, + { + "geoip": { + "field": "destination.ip", + "target_field": "destination_geo", + "database_file": "GeoLite2-ASN.mmdb", + "ignore_missing": true, + "ignore_failure": true, + "properties": ["ip", "asn", "organization_name", "network"] + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source_geo", + "database_file": "GeoLite2-ASN.mmdb", + "ignore_missing": true, + "ignore_failure": true, + "properties": ["ip", "asn", "organization_name", "network"] + } + }, { "set": { "if": "ctx.event?.severity == 1", "field": "event.severity_label", "value": "low", "override": true } }, { "set": { "if": "ctx.event?.severity == 2", "field": "event.severity_label", "value": "medium", "override": true } }, { "set": { "if": "ctx.event?.severity == 3", "field": "event.severity_label", "value": "high", "override": true } }, @@ -45,5 +67,16 @@ "index_name_format": "yyyy.MM.dd" } } +{%- endraw %} +{%- if HIGHLANDER %} + , + { + "pipeline": { + "name": "ecs" + } + } +{%- endif %} +{%- raw %} ] } +{% endraw %} diff --git a/salt/elasticsearch/files/ingest/beats.common b/salt/elasticsearch/files/ingest/beats.common index 4e358582e..3cfa33521 100644 --- a/salt/elasticsearch/files/ingest/beats.common +++ b/salt/elasticsearch/files/ingest/beats.common @@ -2,7 +2,7 @@ "description" : "beats.common", "processors" : [ { "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } }, - { "pipeline": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational'", "name":"win.eventlogs" } }, + { "pipeline": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational' && ctx.containsKey('winlog')", "name":"win.eventlogs" } }, { "pipeline": { "name": "common" } } ] } \ No newline at end of file diff --git a/salt/elasticsearch/files/ingest/ecs b/salt/elasticsearch/files/ingest/ecs new file mode 100644 index 000000000..e52ab6e71 --- /dev/null +++ b/salt/elasticsearch/files/ingest/ecs @@ -0,0 +1,155 @@ +{ + "description" : "ECS Testing Pipeline", + "processors": [ + { + "append": { + "field": "event.category", + "value": [ + "process" + ], + "if": "ctx?.wazuh?.data?.type == 'process'", + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "event.type", + "value": [ + "start" + ], + "if": "ctx?.wazuh?.data?.type == 'process'", + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "event.type", + "value": "end", + "if": "ctx?.wazuh?.data?.type == 'process_end'", + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "user.name", + "copy_from": "process.user", + "ignore_empty_value": true, + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "host.os.type", + "copy_from": "wazuh.data.os.sysname", + "ignore_empty_value": true, + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "host.os.platform", + "copy_from": "wazuh.data.os.platform", + "ignore_empty_value": true, + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "host.os.name", + "copy_from": "wazuh.data.os.name", + "ignore_empty_value": true, + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "host.os.version", + "copy_from": "wazuh.data.os.version", + "ignore_empty_value": true, + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "signal.rule.name", + "copy_from": "rule.name", + "ignore_empty_value": true, + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "signal.rule.type", + "copy_from": "rule.category", + "ignore_empty_value": true, + "ignore_failure": true + } + }, + { + "set": { + "field": "signal.rule.threat.tactic.name", + "copy_from": "rule.mitre.tactic", + "ignore_empty_value": true, + "tag": "test", + "ignore_failure": true + } + }, + { + "append": { + "field": "event.category", + "value": [ + "authentication" + ], + "if": "if(ctx?.rule?.groups != null) {\n if(ctx?.rule?.groups?.contains('authentication_success')) {\n return true\n }\n if(ctx?.rule?.groups?.contains('authentication_failed')) {\n return true\n }\n return false\n}", + "ignore_failure": true + } + }, + { + "set": { + "field": "event.outcome", + "value": "success", + "ignore_empty_value": true, + "if": "ctx?.rule?.groups != null && ctx?.rule?.groups.contains('authentication_success')", + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "event.outcome", + "value": "failure", + "ignore_empty_value": true, + "if": "ctx?.rule?.groups != null && ctx?.rule?.groups.contains('authentication_failed')", + "tag": "test", + "ignore_failure": true + } + }, + { + "set": { + "field": "url.path", + "ignore_empty_value": true, + "tag": "test", + "ignore_failure": true, + "copy_from": "url.original" + } + }, + { + "set": { + "field": "url.domain", + "ignore_empty_value": true, + "tag": "test", + "ignore_failure": true, + "copy_from": "kibana.log.meta.req.headers.origin" + } + } + ] +} diff --git a/salt/elasticsearch/files/ingest/import.wel b/salt/elasticsearch/files/ingest/import.wel index 5a04324b7..e75098f8f 100644 --- a/salt/elasticsearch/files/ingest/import.wel +++ b/salt/elasticsearch/files/ingest/import.wel @@ -4,6 +4,7 @@ { "remove": { "field": ["event.created","timestamp", "winlog.event_data.UtcTime", "event_record_id"], "ignore_failure": true } }, { "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } }, { "pipeline": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational'", "name":"win.eventlogs" } }, + { "dissect": { "field": "log.file.name", "pattern" : "/tmp/%{import.id}.evtx" } }, { "pipeline": { "name": "common" } } ] } \ No newline at end of file diff --git a/salt/elasticsearch/files/ingest/logscan.alert b/salt/elasticsearch/files/ingest/logscan.alert new file mode 100644 index 000000000..7473060a7 --- /dev/null +++ b/salt/elasticsearch/files/ingest/logscan.alert @@ -0,0 +1,29 @@ +{ + "description": "logscan", + "processors": [ + { "set": { "field": "event.severity", "value": 2 } }, + { "json": { "field": "message", "add_to_root": true, "ignore_failure": true } }, + { "rename": { "field": "@timestamp", "target_field": "event.ingested", "ignore_missing": true } }, + { "date": { "field": "timestamp", "target_field": "event.created", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, + { "date": { "field": "start_time", "target_field": "@timestamp", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, + { "date": { "field": "start_time", "target_field": "event.start", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, + { "date": { "field": "end_time", "target_field": "event.end", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, + { "remove": { "field": "start_time", "ignore_missing": true } }, + { "remove": { "field": "end_time", "ignore_missing": true } }, + { "rename": { "field": "source_ip", "target_field": "source.ip", "ignore_missing": true } }, + { "rename": { "field": "top_source_ips", "target_field": "logscan.source.ips", "ignore_missing": true } }, + { "append": { "if": "ctx.source != null", "field": "logscan.source.ips", "value": "{{{source.ip}}}", "ignore_failure": true } }, + { "set": { "if": "ctx.model == 'k1'", "field": "rule.name", "value": "LOGSCAN K1 MODEL THRESHOLD" } }, + { "set": { "if": "ctx.model == 'k1'", "field": "rule.description", "value": "High number of logins from single IP in 1 minute window" } }, + { "set": { "if": "ctx.model == 'k5'", "field": "rule.name", "value": "LOGSCAN K5 MODEL THRESHOLD" } }, + { "set": { "if": "ctx.model == 'k5'", "field": "rule.description", "value": "High ratio of login failures from single IP in 5 minute window" } }, + { "set": { "if": "ctx.model == 'k60'", "field": "rule.name", "value": "LOGSCAN K60 MODEL THRESHOLD" } }, + { "set": { "if": "ctx.model == 'k60'", "field": "rule.description", "value": "Large number of login failures in 1 hour window" } }, + { "rename": { "field": "model", "target_field": "logscan.model" } }, + { "rename": { "field": "num_attempts", "target_field": "logscan.attempts.total.amount", "ignore_missing": true } }, + { "rename": { "field": "num_failed", "target_field": "logscan.attempts.failed.amount", "ignore_missing": true } }, + { "script": { "lang": "painless", "source": "ctx.logscan.attempts.succeeded.amount = ctx.logscan.attempts.total.amount - ctx.logscan.attempts.failed.amount" , "ignore_failure": true} }, + { "rename": { "field": "avg_failure_interval", "target_field": "logscan.attempts.failed.avg_interval", "ignore_missing": true } }, + { "pipeline": { "name": "common" } } + ] +} diff --git a/salt/elasticsearch/files/ingest/ossec b/salt/elasticsearch/files/ingest/ossec index 1c5a0fd42..69bca3003 100644 --- a/salt/elasticsearch/files/ingest/ossec +++ b/salt/elasticsearch/files/ingest/ossec @@ -33,6 +33,7 @@ { "rename": { "field": "data.win.eventdata.user", "target_field": "user.name", "ignore_missing": true } }, { "rename": { "field": "data.win.system", "target_field": "winlog", "ignore_missing": true } }, { "rename": { "field": "data.win.eventdata", "target_field": "winlog.event_data", "ignore_missing": true } }, + { "rename": { "field": "data", "target_field": "wazuh.data", "ignore_missing": true } }, { "rename": { "field": "winlog.eventID", "target_field": "winlog.event_id", "ignore_missing": true } }, { "rename": { "field": "predecoder.program_name", "target_field": "process.name", "ignore_missing": true } }, { "rename": { "field": "decoder.name", "target_field": "event.dataset", "ignore_missing": true } }, @@ -63,8 +64,7 @@ { "rename": { "field": "fields.module", "target_field": "event.module", "ignore_failure": true, "ignore_missing": true } }, { "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } }, { "pipeline": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational'", "name":"win.eventlogs" } }, - { "set": { "if": "ctx.rule != null && ctx.rule.name != null", "field": "event.dataset", "value": "ossec.alert", "override": true } }, - { "set": { "if": "ctx.rule != null && ctx.rule.name != null", "field": "event.kind", "value": "alert", "override": true } }, + { "set": { "if": "ctx.rule != null && ctx.rule.name != null", "field": "event.dataset", "value": "alert", "override": true } }, { "pipeline": { "name": "common" } } ] } diff --git a/salt/elasticsearch/files/ingest/strelka.file b/salt/elasticsearch/files/ingest/strelka.file index cf2772305..fbcf1252a 100644 --- a/salt/elasticsearch/files/ingest/strelka.file +++ b/salt/elasticsearch/files/ingest/strelka.file @@ -8,6 +8,7 @@ { "rename": { "field": "scan.hash", "target_field": "hash", "ignore_missing": true } }, { "rename": { "field": "scan.exiftool", "target_field": "exiftool", "ignore_missing": true } }, { "grok": { "if": "ctx.request?.attributes?.filename != null", "field": "request.attributes.filename", "patterns": ["-%{WORD:log.id.fuid}-"], "ignore_failure": true } }, + { "gsub": { "if": "ctx.request?.attributes?.filename != null", "field": "request.attributes.filename", "pattern": "\/nsm\/strelka\/staging", "replacement": "\/nsm\/strelka\/processed" } }, { "foreach": { "if": "ctx.exiftool?.keys !=null", @@ -53,8 +54,7 @@ { "set": { "if": "ctx.exiftool?.FileDirectory != null", "field": "file.directory", "value": "{{exiftool.FileDirectory}}", "ignore_failure": true }}, { "set": { "if": "ctx.exiftool?.Subsystem != null", "field": "host.subsystem", "value": "{{exiftool.Subsystem}}", "ignore_failure": true }}, { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "rule.name", "value": "{{scan.yara.matches.0}}" }}, - { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "dataset", "value": "strelka.alert", "override": true }}, - { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "event.kind", "value": "alert", "override": true }}, + { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "dataset", "value": "alert", "override": true }}, { "rename": { "field": "file.flavors.mime", "target_field": "file.mime_type", "ignore_missing": true }}, { "set": { "if": "ctx.rule?.name != null && ctx.rule?.score == null", "field": "event.severity", "value": 3, "override": true } }, { "convert" : { "if": "ctx.rule?.score != null", "field" : "rule.score","type": "integer"}}, diff --git a/salt/elasticsearch/files/ingest/suricata.dns b/salt/elasticsearch/files/ingest/suricata.dns index 85229ee92..2f5958e2e 100644 --- a/salt/elasticsearch/files/ingest/suricata.dns +++ b/salt/elasticsearch/files/ingest/suricata.dns @@ -12,7 +12,7 @@ { "rename": { "field": "message2.dns.qr", "target_field": "dns.qr", "ignore_missing": true } }, { "rename": { "field": "message2.dns.rd", "target_field": "dns.recursion.desired", "ignore_missing": true } }, { "rename": { "field": "message2.dns.ra", "target_field": "dns.recursion.available", "ignore_missing": true } }, - { "rename": { "field": "message2.dns.rcode", "target_field": "dns.response.code", "ignore_missing": true } }, + { "rename": { "field": "message2.dns.rcode", "target_field": "dns.response.code_name", "ignore_missing": true } }, { "rename": { "field": "message2.grouped.A", "target_field": "dns.answers.data", "ignore_missing": true } }, { "rename": { "field": "message2.grouped.CNAME", "target_field": "dns.answers.name", "ignore_missing": true } }, { "pipeline": { "if": "ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')", "name": "dns.tld" } }, diff --git a/salt/elasticsearch/files/ingest/suricata.fileinfo b/salt/elasticsearch/files/ingest/suricata.fileinfo index d5147fb40..fe9e4b109 100644 --- a/salt/elasticsearch/files/ingest/suricata.fileinfo +++ b/salt/elasticsearch/files/ingest/suricata.fileinfo @@ -13,6 +13,7 @@ { "rename": { "field": "message2.fileinfo.size", "target_field": "file.size", "ignore_missing": true } }, { "rename": { "field": "message2.fileinfo.state", "target_field": "file.state", "ignore_missing": true } }, { "rename": { "field": "message2.fileinfo.stored", "target_field": "file.saved", "ignore_missing": true } }, + { "rename": { "field": "message2.fileinfo.sha256", "target_field": "hash.sha256", "ignore_missing": true } }, { "set": { "if": "ctx.network?.protocol != null", "field": "file.source", "value": "{{network.protocol}}" } }, { "pipeline": { "name": "common" } } ] diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 4045fa10f..f31e224a3 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -15,6 +15,9 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} +include: + - ssl + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -35,7 +38,9 @@ {% endif %} {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} +{% set ROLES = salt['pillar.get']('elasticsearch:roles', {}) %} {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} +{% from 'elasticsearch/config.map.jinja' import ESCONFIG with context %} vm.max_map_count: @@ -119,6 +124,21 @@ estemplatedir: - group: 939 - makedirs: True +esrolesdir: + file.directory: + - name: /opt/so/conf/elasticsearch/roles + - user: 930 + - group: 939 + - makedirs: True + +esingestdynamicconf: + file.recurse: + - name: /opt/so/conf/elasticsearch/ingest + - source: salt://elasticsearch/files/ingest-dynamic + - user: 930 + - group: 939 + - template: jinja + esingestconf: file.recurse: - name: /opt/so/conf/elasticsearch/ingest @@ -137,9 +157,11 @@ eslog4jfile: esyml: file.managed: - name: /opt/so/conf/elasticsearch/elasticsearch.yml - - source: salt://elasticsearch/files/elasticsearch.yml + - source: salt://elasticsearch/files/elasticsearch.yaml.jinja - user: 930 - group: 939 + - defaults: + ESCONFIG: {{ ESCONFIG }} - template: jinja #sync templates to /opt/so/conf/elasticsearch/templates @@ -157,6 +179,15 @@ es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}: - group: 939 {% endfor %} +esroles: + file.recurse: + - source: salt://elasticsearch/roles/ + - name: /opt/so/conf/elasticsearch/roles/ + - clean: True + - template: jinja + - user: 930 + - group: 939 + nsmesdir: file.directory: - name: /nsm/elasticsearch @@ -193,7 +224,7 @@ auth_users_inode: require: - file: auth_users cmd.run: - - name: cat /opt/so/conf/elasticsearch/users.tmp > /opt/so/conf/elasticsearch/users && chown 930:930 /opt/so/conf/elasticsearch/users && chmod 600 /opt/so/conf/elasticsearch/users + - name: cat /opt/so/conf/elasticsearch/users.tmp > /opt/so/conf/elasticsearch/users && chown 930:939 /opt/so/conf/elasticsearch/users && chmod 660 /opt/so/conf/elasticsearch/users - onchanges: - file: /opt/so/conf/elasticsearch/users.tmp @@ -201,7 +232,7 @@ auth_users_roles_inode: require: - file: auth_users_roles cmd.run: - - name: cat /opt/so/conf/elasticsearch/users_roles.tmp > /opt/so/conf/elasticsearch/users_roles && chown 930:930 /opt/so/conf/elasticsearch/users_roles && chmod 600 /opt/so/conf/elasticsearch/users_roles + - name: cat /opt/so/conf/elasticsearch/users_roles.tmp > /opt/so/conf/elasticsearch/users_roles && chown 930:939 /opt/so/conf/elasticsearch/users_roles && chmod 660 /opt/so/conf/elasticsearch/users_roles - onchanges: - file: /opt/so/conf/elasticsearch/users_roles.tmp @@ -257,7 +288,26 @@ so-elasticsearch: - file: cacertz - file: esyml - file: esingestconf + - file: esingestdynamicconf - file: so-elasticsearch-pipelines-file + - require: + - file: esyml + - file: eslog4jfile + - file: nsmesdir + - file: eslogdir + - file: cacertz + - x509: /etc/pki/elasticsearch.crt + - x509: /etc/pki/elasticsearch.key + - file: elasticp12perms + {% if ismanager %} + - x509: pki_public_ca_crt + {% else %} + - x509: trusttheca + {% endif %} + {% if salt['pillar.get']('elasticsearch:auth:enabled', False) %} + - cmd: auth_users_roles_inode + - cmd: auth_users_inode + {% endif %} append_so-elasticsearch_so-status.conf: file.append: @@ -280,10 +330,11 @@ so-elasticsearch-pipelines: - name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines {{ esclustername }} - onchanges: - file: esingestconf + - file: esingestdynamicconf - file: esyml - file: so-elasticsearch-pipelines-file -{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node', 'so-import'] and TEMPLATES %} +{% if TEMPLATES %} so-elasticsearch-templates: cmd.run: - name: /usr/sbin/so-elasticsearch-templates-load @@ -291,6 +342,12 @@ so-elasticsearch-templates: - template: jinja {% endif %} +so-elasticsearch-roles-load: + cmd.run: + - name: /usr/sbin/so-elasticsearch-roles-load + - cwd: /opt/so + - template: jinja + {% endif %} {# if grains['role'] != 'so-helix' #} {% else %} diff --git a/salt/elasticsearch/roles/analyst.json b/salt/elasticsearch/roles/analyst.json new file mode 100644 index 000000000..fc788e2f1 --- /dev/null +++ b/salt/elasticsearch/roles/analyst.json @@ -0,0 +1,63 @@ +{ + "cluster": [ + "cancel_task", + "create_snapshot", + "monitor", + "monitor_data_frame_transforms", + "monitor_ml", + "monitor_rollup", + "monitor_snapshot", + "monitor_text_structure", + "monitor_transform", + "monitor_watcher", + "read_ccr", + "read_ilm", + "read_pipeline", + "read_slm" + ], + "indices": [ + { + "names": [ + "so-*" + ], + "privileges": [ + "index", + "maintenance", + "monitor", + "read", + "read_cross_cluster", + "view_index_metadata" + ] + } + ], + "applications": [ + { + "application": "kibana-.kibana", + "privileges": [ + "feature_discover.all", + "feature_dashboard.all", + "feature_canvas.all", + "feature_maps.all", + "feature_ml.all", + "feature_logs.read", + "feature_visualize.all", + "feature_infrastructure.read", + "feature_apm.read", + "feature_uptime.read", + "feature_siem.read", + "feature_dev_tools.read", + "feature_advancedSettings.read", + "feature_indexPatterns.read", + "feature_savedObjectsManagement.read", + "feature_savedObjectsTagging.read", + "feature_fleet.all", + "feature_actions.read", + "feature_stackAlerts.read" + ], + "resources": [ + "*" + ] + } + ], + "run_as": [] +} \ No newline at end of file diff --git a/salt/elasticsearch/roles/auditor.json b/salt/elasticsearch/roles/auditor.json new file mode 100644 index 000000000..26df1207c --- /dev/null +++ b/salt/elasticsearch/roles/auditor.json @@ -0,0 +1,59 @@ +{ + "cluster": [ + "monitor", + "monitor_data_frame_transforms", + "monitor_ml", + "monitor_rollup", + "monitor_snapshot", + "monitor_text_structure", + "monitor_transform", + "monitor_watcher", + "read_ccr", + "read_ilm", + "read_pipeline", + "read_slm" + ], + "indices": [ + { + "names": [ + "so-*" + ], + "privileges": [ + "read", + "read_cross_cluster", + "monitor", + "view_index_metadata" + ] + } + ], + "applications": [ + { + "application": "kibana-.kibana", + "privileges": [ + "feature_discover.read", + "feature_dashboard.read", + "feature_canvas.read", + "feature_maps.read", + "feature_ml.read", + "feature_logs.read", + "feature_visualize.read", + "feature_infrastructure.read", + "feature_apm.read", + "feature_uptime.read", + "feature_siem.read", + "feature_dev_tools.read", + "feature_advancedSettings.read", + "feature_indexPatterns.read", + "feature_savedObjectsManagement.read", + "feature_savedObjectsTagging.read", + "feature_fleet.read", + "feature_actions.read", + "feature_stackAlerts.read" + ], + "resources": [ + "*" + ] + } + ], + "run_as": [] +} \ No newline at end of file diff --git a/salt/elasticsearch/roles/limited-analyst.json b/salt/elasticsearch/roles/limited-analyst.json new file mode 100644 index 000000000..2b3797dbc --- /dev/null +++ b/salt/elasticsearch/roles/limited-analyst.json @@ -0,0 +1,49 @@ +{ + "cluster": [ + ], + "indices": [ + { + "names": [ + "so-*" + ], + "privileges": [ + "index", + "maintenance", + "monitor", + "read", + "read_cross_cluster", + "view_index_metadata" + ] + } + ], + "applications": [ + { + "application": "kibana-.kibana", + "privileges": [ + "feature_discover.read", + "feature_dashboard.read", + "feature_canvas.read", + "feature_maps.read", + "feature_ml.read", + "feature_logs.read", + "feature_visualize.read", + "feature_infrastructure.read", + "feature_apm.read", + "feature_uptime.read", + "feature_siem.read", + "feature_dev_tools.read", + "feature_advancedSettings.read", + "feature_indexPatterns.read", + "feature_savedObjectsManagement.read", + "feature_savedObjectsTagging.read", + "feature_fleet.read", + "feature_actions.read", + "feature_stackAlerts.read" + ], + "resources": [ + "*" + ] + } + ], + "run_as": [] +} \ No newline at end of file diff --git a/salt/elasticsearch/roles/limited-auditor.json b/salt/elasticsearch/roles/limited-auditor.json new file mode 100644 index 000000000..ecab5016a --- /dev/null +++ b/salt/elasticsearch/roles/limited-auditor.json @@ -0,0 +1,47 @@ +{ + "cluster": [ + ], + "indices": [ + { + "names": [ + "so-*" + ], + "privileges": [ + "read", + "read_cross_cluster", + "monitor", + "view_index_metadata" + ] + } + ], + "applications": [ + { + "application": "kibana-.kibana", + "privileges": [ + "feature_discover.read", + "feature_dashboard.read", + "feature_canvas.read", + "feature_maps.read", + "feature_ml.read", + "feature_logs.read", + "feature_visualize.read", + "feature_infrastructure.read", + "feature_apm.read", + "feature_uptime.read", + "feature_siem.read", + "feature_dev_tools.read", + "feature_advancedSettings.read", + "feature_indexPatterns.read", + "feature_savedObjectsManagement.read", + "feature_savedObjectsTagging.read", + "feature_fleet.read", + "feature_actions.read", + "feature_stackAlerts.read" + ], + "resources": [ + "*" + ] + } + ], + "run_as": [] +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/so/so-aws-template.json.jinja b/salt/elasticsearch/templates/so/so-aws-template.json.jinja new file mode 100644 index 000000000..19b23dfba --- /dev/null +++ b/salt/elasticsearch/templates/so/so-aws-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-aws:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-aws:refresh', '30s') %} +{ + "index_patterns": ["so-aws-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-azure-template.json.jinja b/salt/elasticsearch/templates/so/so-azure-template.json.jinja new file mode 100644 index 000000000..51a266479 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-azure-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-azure:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-azure:refresh', '30s') %} +{ + "index_patterns": ["so-azure-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-barracuda-template.json.jinja b/salt/elasticsearch/templates/so/so-barracuda-template.json.jinja new file mode 100644 index 000000000..66967d6d1 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-barracuda-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:refresh', '30s') %} +{ + "index_patterns": ["so-barracuda-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-bluecoat-template.json.jinja b/salt/elasticsearch/templates/so/so-bluecoat-template.json.jinja new file mode 100644 index 000000000..b1714183e --- /dev/null +++ b/salt/elasticsearch/templates/so/so-bluecoat-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:refresh', '30s') %} +{ + "index_patterns": ["so-bluecoat-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-cef-template.json.jinja b/salt/elasticsearch/templates/so/so-cef-template.json.jinja new file mode 100644 index 000000000..0081d42e1 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-cef-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cef:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cef:refresh', '30s') %} +{ + "index_patterns": ["so-cef-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-checkpoint-template.json.jinja b/salt/elasticsearch/templates/so/so-checkpoint-template.json.jinja new file mode 100644 index 000000000..5d41946cf --- /dev/null +++ b/salt/elasticsearch/templates/so/so-checkpoint-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:refresh', '30s') %} +{ + "index_patterns": ["so-checkpoint-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-cisco-template.json.jinja b/salt/elasticsearch/templates/so/so-cisco-template.json.jinja new file mode 100644 index 000000000..e6e6d14d0 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-cisco-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cisco:refresh', '30s') %} +{ + "index_patterns": ["so-cisco-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-common-template.json b/salt/elasticsearch/templates/so/so-common-template.json.jinja similarity index 95% rename from salt/elasticsearch/templates/so/so-common-template.json rename to salt/elasticsearch/templates/so/so-common-template.json.jinja index 26a5f2ec7..4a41cba8a 100644 --- a/salt/elasticsearch/templates/so/so-common-template.json +++ b/salt/elasticsearch/templates/so/so-common-template.json.jinja @@ -1,13 +1,20 @@ +{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', True) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-common:refresh', '30s') %} { "index_patterns": ["so-*"], "version":50001, "order":10, "settings":{ - "number_of_replicas":0, + "number_of_replicas":{{ REPLICAS }}, "number_of_shards":1, - "index.refresh_interval":"30s", + "index.refresh_interval":"{{ REFRESH }}", "index.routing.allocation.require.box_type":"hot", "index.mapping.total_fields.limit": "1500", +{%- if INDEX_SORTING is sameas true %} + "index.sort.field": "@timestamp", + "index.sort.order": "desc", +{%- endif %} "analysis": { "analyzer": { "es_security_analyzer": { @@ -65,7 +72,8 @@ { "port": { "path_match": "*.port", - "mapping": { + "path_unmatch": "*.data.port", + "mapping": { "type": "integer", "fields" : { "keyword" : { @@ -312,6 +320,10 @@ "type":"object", "dynamic": true }, + "logscan": { + "type": "object", + "dynamic": true + }, "manager":{ "type":"object", "dynamic": true @@ -680,6 +692,10 @@ "redis":{ "type":"object", "dynamic": true + }, + "wazuh":{ + "type":"object", + "dynamic": true } } } diff --git a/salt/elasticsearch/templates/so/so-cyberark-template.json.jinja b/salt/elasticsearch/templates/so/so-cyberark-template.json.jinja new file mode 100644 index 000000000..1647d600f --- /dev/null +++ b/salt/elasticsearch/templates/so/so-cyberark-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:refresh', '30s') %} +{ + "index_patterns": ["so-cyberark-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-cylance-template.json.jinja b/salt/elasticsearch/templates/so/so-cylance-template.json.jinja new file mode 100644 index 000000000..4ba7d0316 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-cylance-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cylance:refresh', '30s') %} +{ + "index_patterns": ["so-cylance-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-elasticsearch-template.json.jinja b/salt/elasticsearch/templates/so/so-elasticsearch-template.json.jinja new file mode 100644 index 000000000..16aaaec13 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-elasticsearch-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:refresh', '30s') %} +{ + "index_patterns": ["so-elasticsearch-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-endgame-template.json.jinja b/salt/elasticsearch/templates/so/so-endgame-template.json.jinja new file mode 100644 index 000000000..6d2b89b27 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-endgame-template.json.jinja @@ -0,0 +1,2976 @@ +{ + "index_patterns": ["endgame-*"], + "version":50002, + "order":1, + "mappings": { + "_meta": { + "version": "1.5.0" + }, + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "agent": { + "properties": { + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + } + } + }, + "client": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "cloud": { + "properties": { + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "container": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "tag": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "labels": { + "type": "object" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "runtime": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "destination": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "dll": { + "properties": { + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "pe": { + "properties": { + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "dns": { + "properties": { + "answers": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "data": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "ttl": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "type": "object" + }, + "header_flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "op_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "question": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "subdomain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "resolved_ip": { + "type": "ip" + }, + "response_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + } + } + }, + "endgame": { + "dynamic": false, + "properties": { + "data": { + "properties": { + "malware_classification": { + "properties": { + "identifier": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "quarantine_result": { + "properties": { + "local_msg": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "event_subtype_full": { + "ignore_above": 1024, + "type": "keyword" + }, + "event_type_full": { + "ignore_above": 1024, + "type": "keyword" + }, + "metadata": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + }, + "type": "object" + }, + "error": { + "properties": { + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, + "stack_trace": { + "doc_values": false, + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "index": false, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "category": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "created": { + "type": "date", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "dataset": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "duration": { + "type": "long" + }, + "end": { + "type": "date" + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingested": { + "type": "date", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "original": { + "doc_values": false, + "ignore_above": 1024, + "index": false, + "type": "keyword" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "risk_score": { + "type": "float" + }, + "risk_score_norm": { + "type": "float" + }, + "sequence": { + "type": "long" + }, + "severity": { + "type": "long" + }, + "start": { + "type": "date" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "file": { + "properties": { + "accessed": { + "type": "date" + }, + "attributes": { + "ignore_above": 1024, + "type": "keyword" + }, + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "created": { + "type": "date" + }, + "ctime": { + "type": "date" + }, + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "directory": { + "ignore_above": 1024, + "type": "keyword" + }, + "drive_letter": { + "ignore_above": 1, + "type": "keyword" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "inode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mime_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mtime": { + "type": "date" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "owner": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "pe": { + "properties": { + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "size": { + "type": "long" + }, + "target_path": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "host": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "uptime": { + "type": "long" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes": { + "type": "long" + }, + "method": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "referrer": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + } + } + }, + "response": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes": { + "type": "long" + }, + "status_code": { + "type": "long" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "labels": { + "type": "object" + }, + "log": { + "properties": { + "level": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "logger": { + "ignore_above": 1024, + "type": "keyword" + }, + "origin": { + "properties": { + "file": { + "properties": { + "line": { + "type": "integer" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "function": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "original": { + "doc_values": false, + "ignore_above": 1024, + "index": false, + "type": "keyword" + }, + "syslog": { + "properties": { + "facility": { + "properties": { + "code": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "priority": { + "type": "long" + }, + "severity": { + "properties": { + "code": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + }, + "type": "object" + } + } + }, + "message": { + "norms": false, + "type": "text" + }, + "network": { + "properties": { + "application": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "community_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "forwarded_ip": { + "type": "ip" + }, + "iana_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "inner": { + "properties": { + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + }, + "type": "object" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + }, + "transport": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "observer": { + "properties": { + "egress": { + "properties": { + "interface": { + "properties": { + "alias": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "zone": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "type": "object" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingress": { + "properties": { + "interface": { + "properties": { + "alias": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "vlan": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "zone": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "type": "object" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vendor": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "organization": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "package": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "build_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "checksum": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "install_scope": { + "ignore_above": 1024, + "type": "keyword" + }, + "installed": { + "type": "date" + }, + "license": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "size": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "process": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "args_count": { + "type": "long" + }, + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "command_line": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "executable": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "exit_code": { + "type": "long" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "parent": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "args_count": { + "type": "long" + }, + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "command_line": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "executable": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "exit_code": { + "type": "long" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "title": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "uptime": { + "type": "long" + }, + "working_directory": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "pe": { + "properties": { + "company": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "title": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "uptime": { + "type": "long" + }, + "working_directory": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "registry": { + "properties": { + "data": { + "properties": { + "bytes": { + "ignore_above": 1024, + "type": "keyword" + }, + "strings": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hive": { + "ignore_above": 1024, + "type": "keyword" + }, + "key": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "value": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "related": { + "properties": { + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "rule": { + "dynamic": false, + "properties": { + "author": { + "ignore_above": 1024, + "type": "keyword" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "license": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "ruleset": { + "ignore_above": 1024, + "type": "keyword" + }, + "uuid": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "type": "object" + }, + "server": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "service": { + "properties": { + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "node": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } + } + }, + "threat": { + "properties": { + "framework": { + "ignore_above": 1024, + "type": "keyword" + }, + "tactic": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "technique": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "tls": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "client": { + "properties": { + "certificate": { + "ignore_above": 1024, + "type": "keyword" + }, + "certificate_chain": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "issuer": { + "ignore_above": 1024, + "type": "keyword" + }, + "ja3": { + "ignore_above": 1024, + "type": "keyword" + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "server_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject": { + "ignore_above": 1024, + "type": "keyword" + }, + "supported_ciphers": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "curve": { + "ignore_above": 1024, + "type": "keyword" + }, + "established": { + "type": "boolean" + }, + "next_protocol": { + "ignore_above": 1024, + "type": "keyword" + }, + "resumed": { + "type": "boolean" + }, + "server": { + "properties": { + "certificate": { + "ignore_above": 1024, + "type": "keyword" + }, + "certificate_chain": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "issuer": { + "ignore_above": 1024, + "type": "keyword" + }, + "ja3s": { + "ignore_above": 1024, + "type": "keyword" + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "subject": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "version_protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "trace": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "transaction": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "url": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "fragment": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "password": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "registered_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "scheme": { + "ignore_above": 1024, + "type": "keyword" + }, + "top_level_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "username": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "effective": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user_agent": { + "properties": { + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "fields": { + "keyword": { + "type": "keyword" + }, + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "vulnerability": { + "properties": { + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "classification": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "enumeration": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "report_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "scanner": { + "properties": { + "vendor": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "score": { + "properties": { + "base": { + "type": "float" + }, + "environmental": { + "type": "float" + }, + "temporal": { + "type": "float" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "severity": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "winlog": { + "properties": { + "channel": { + "ignore_above": 1024, + "type": "keyword" + }, + "computer_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "event_id": { + "type": "long" + }, + "logon": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "message": { + "ignore_above": 1024, + "type": "keyword" + }, + "opcode": { + "type": "long" + }, + "provider_guid": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "task": { + "type": "long" + } + } + } + } + }, + "settings": { + "index": { + "auto_expand_replicas": "0-1", + "mapping": { + "ignore_malformed": true, + "total_fields": { + "limit": 10000 + } + }, + "number_of_shards": 5 + } + } +} diff --git a/salt/elasticsearch/templates/so/so-f5-template.json.jinja b/salt/elasticsearch/templates/so/so-f5-template.json.jinja new file mode 100644 index 000000000..682a37c59 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-f5-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-f5:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-f5:refresh', '30s') %} +{ + "index_patterns": ["so-f5-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-fortinet-template.json.jinja b/salt/elasticsearch/templates/so/so-fortinet-template.json.jinja new file mode 100644 index 000000000..616607f52 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-fortinet-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-zeek:refresh', '30s') %} +{ + "index_patterns": ["so-zeek-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-gcp-template.json.jinja b/salt/elasticsearch/templates/so/so-gcp-template.json.jinja new file mode 100644 index 000000000..4f1db4f20 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-gcp-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-gcp:refresh', '30s') %} +{ + "index_patterns": ["so-gcp-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-google_workspace-template.json.jinja b/salt/elasticsearch/templates/so/so-google_workspace-template.json.jinja new file mode 100644 index 000000000..5ae26780a --- /dev/null +++ b/salt/elasticsearch/templates/so/so-google_workspace-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:refresh', '30s') %} +{ + "index_patterns": ["so-google_workspace-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-imperva-template.json.jinja b/salt/elasticsearch/templates/so/so-imperva-template.json.jinja new file mode 100644 index 000000000..1f574f33a --- /dev/null +++ b/salt/elasticsearch/templates/so/so-imperva-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-imperva:refresh', '30s') %} +{ + "index_patterns": ["so-imperva-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-infoblox-template.json.jinja b/salt/elasticsearch/templates/so/so-infoblox-template.json.jinja new file mode 100644 index 000000000..de613de7f --- /dev/null +++ b/salt/elasticsearch/templates/so/so-infoblox-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:refresh', '30s') %} +{ + "index_patterns": ["so-infoblox-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-juniper-template.json.jinja b/salt/elasticsearch/templates/so/so-juniper-template.json.jinja new file mode 100644 index 000000000..f637271a9 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-juniper-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-juniper:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-juniper:refresh', '30s') %} +{ + "index_patterns": ["so-juniper-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-kibana-template.json.jinja b/salt/elasticsearch/templates/so/so-kibana-template.json.jinja new file mode 100644 index 000000000..fe2004b0e --- /dev/null +++ b/salt/elasticsearch/templates/so/so-kibana-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-kibana:refresh', '30s') %} +{ + "index_patterns": ["so-kibana-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-logstash-template.json.jinja b/salt/elasticsearch/templates/so/so-logstash-template.json.jinja new file mode 100644 index 000000000..2cf0aba42 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-logstash-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-logstash:refresh', '30s') %} +{ + "index_patterns": ["so-logstash-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-microsoft-template.json.jinja b/salt/elasticsearch/templates/so/so-microsoft-template.json.jinja new file mode 100644 index 000000000..3493ccbb2 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-microsoft-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:refresh', '30s') %} +{ + "index_patterns": ["so-microsoft-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-misp-template.json.jinja b/salt/elasticsearch/templates/so/so-misp-template.json.jinja new file mode 100644 index 000000000..67af1efde --- /dev/null +++ b/salt/elasticsearch/templates/so/so-misp-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-misp:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-misp:refresh', '30s') %} +{ + "index_patterns": ["so-misp-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-netflow-template.json.jinja b/salt/elasticsearch/templates/so/so-netflow-template.json.jinja new file mode 100644 index 000000000..62c0972bf --- /dev/null +++ b/salt/elasticsearch/templates/so/so-netflow-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-netflow:refresh', '30s') %} +{ + "index_patterns": ["so-netflow-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-netscout-template.json.jinja b/salt/elasticsearch/templates/so/so-netscout-template.json.jinja new file mode 100644 index 000000000..1dfe336d9 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-netscout-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-netscout:refresh', '30s') %} +{ + "index_patterns": ["so-netscout-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-o365-template.json.jinja b/salt/elasticsearch/templates/so/so-o365-template.json.jinja new file mode 100644 index 000000000..c1f4826f4 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-o365-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-o365:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-o365:refresh', '30s') %} +{ + "index_patterns": ["so-o365-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-okta-template.json.jinja b/salt/elasticsearch/templates/so/so-okta-template.json.jinja new file mode 100644 index 000000000..a4f2df44e --- /dev/null +++ b/salt/elasticsearch/templates/so/so-okta-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-okta:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-okta:refresh', '30s') %} +{ + "index_patterns": ["so-okta-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-proofpoint-template.json.jinja b/salt/elasticsearch/templates/so/so-proofpoint-template.json.jinja new file mode 100644 index 000000000..d7b0ecbe2 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-proofpoint-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:refresh', '30s') %} +{ + "index_patterns": ["so-proofpoint-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-radware-template.json.jinja b/salt/elasticsearch/templates/so/so-radware-template.json.jinja new file mode 100644 index 000000000..4efef6a4f --- /dev/null +++ b/salt/elasticsearch/templates/so/so-radware-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-radware:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-radware:refresh', '30s') %} +{ + "index_patterns": ["so-radware-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-redis-template.json.jinja b/salt/elasticsearch/templates/so/so-redis-template.json.jinja new file mode 100644 index 000000000..616607f52 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-redis-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-zeek:refresh', '30s') %} +{ + "index_patterns": ["so-zeek-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-snort-template.json.jinja b/salt/elasticsearch/templates/so/so-snort-template.json.jinja new file mode 100644 index 000000000..325f86bde --- /dev/null +++ b/salt/elasticsearch/templates/so/so-snort-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-snort:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-snort:refresh', '30s') %} +{ + "index_patterns": ["so-snort-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-snyk-template.json.jinja b/salt/elasticsearch/templates/so/so-snyk-template.json.jinja new file mode 100644 index 000000000..0c2d291cc --- /dev/null +++ b/salt/elasticsearch/templates/so/so-snyk-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-snyk:refresh', '30s') %} +{ + "index_patterns": ["so-snyk-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-sonicwall-template.json.jinja b/salt/elasticsearch/templates/so/so-sonicwall-template.json.jinja new file mode 100644 index 000000000..b912e4d66 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-sonicwall-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:refresh', '30s') %} +{ + "index_patterns": ["so-sonicwall-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-sophos-template.json.jinja b/salt/elasticsearch/templates/so/so-sophos-template.json.jinja new file mode 100644 index 000000000..689e19999 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-sophos-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-sophos:refresh', '30s') %} +{ + "index_patterns": ["so-sophos-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-squid-template.json.jinja b/salt/elasticsearch/templates/so/so-squid-template.json.jinja new file mode 100644 index 000000000..9398b8a99 --- /dev/null +++ b/salt/elasticsearch/templates/so/so-squid-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-squid:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-squid:refresh', '30s') %} +{ + "index_patterns": ["so-squid-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-tomcat-template.json.jinja b/salt/elasticsearch/templates/so/so-tomcat-template.json.jinja new file mode 100644 index 000000000..797e71bcf --- /dev/null +++ b/salt/elasticsearch/templates/so/so-tomcat-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:refresh', '30s') %} +{ + "index_patterns": ["so-tomcat-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/elasticsearch/templates/so/so-zscaler-template.json.jinja b/salt/elasticsearch/templates/so/so-zscaler-template.json.jinja new file mode 100644 index 000000000..01d1cab2d --- /dev/null +++ b/salt/elasticsearch/templates/so/so-zscaler-template.json.jinja @@ -0,0 +1,13 @@ +{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:shards', 1) %} +{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %} +{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:refresh', '30s') %} +{ + "index_patterns": ["so-zscaler-*"], + "version":50001, + "order":11, + "settings":{ + "number_of_replicas":{{ REPLICAS }}, + "number_of_shards":{{ SHARDS }}, + "index.refresh_interval":"{{ REFRESH }}" + } +} diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml index 2a86b486f..0c27e3c1b 100644 --- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml @@ -16,6 +16,7 @@ {%- set FBMEMFLUSHMINEVENTS = salt['pillar.get']('filebeat:mem_flush_min_events', 2048) -%} {%- set FBLSWORKERS = salt['pillar.get']('filebeat:ls_workers', 1) -%} {%- set FBLSBULKMAXSIZE = salt['pillar.get']('filebeat:ls_bulk_max_size', 2048) -%} +{%- set FBLOGGINGLEVEL = salt['pillar.get']('filebeat:logging:level', 'warning') -%} name: {{ HOSTNAME }} @@ -25,7 +26,7 @@ name: {{ HOSTNAME }} # Sets log level. The default log level is info. # Available log levels are: error, warning, info, debug -logging.level: warning +logging.level: {{ FBLOGGINGLEVEL }} # Enable debug output for selected components. To enable all selectors use ["*"] # Other available selectors are "beat", "publish", "service" @@ -111,6 +112,21 @@ filebeat.inputs: fields: ["source", "prospector", "input", "offset", "beat"] fields_under_root: true +{%- if grains['role'] in ['so-eval', 'so-standalone', 'so-manager', 'so-managersearch', 'so-import'] %} +- type: log + paths: + - /logs/logscan/alerts.log + fields: + module: logscan + dataset: alert + processors: + - drop_fields: + fields: ["source", "prospector", "input", "offset", "beat"] + fields_under_root: true + clean_removed: true + close_removed: false +{%- endif %} + {%- if grains['role'] in ['so-eval', 'so-standalone', 'so-sensor', 'so-helix', 'so-heavynode', 'so-import'] %} {%- if ZEEKVER != 'SURICATA' %} {%- for LOGNAME in salt['pillar.get']('zeeklogs:enabled', '') %} @@ -293,6 +309,9 @@ output.elasticsearch: - index: "so-strelka" when.contains: module: "strelka" + - index: "so-logscan" + when.contains: + module: "logscan" setup.template.enabled: false {%- else %} diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index f03d3dc1a..e5d7228dc 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -25,9 +25,10 @@ {% from 'filebeat/map.jinja' import SO with context %} {% set ES_INCLUDED_NODES = ['so-eval', 'so-standalone', 'so-managersearch', 'so-node', 'so-heavynode', 'so-import'] %} +include: + - ssl #only include elastic state for certain nodes {% if grains.role in ES_INCLUDED_NODES %} -include: - elasticsearch {% endif %} @@ -66,7 +67,7 @@ fileregistrydir: - makedirs: True # This needs to be owned by root -filebeatconfsync: +filebeatconf: file.managed: - name: /opt/so/conf/filebeat/etc/filebeat.yml - source: salt://filebeat/etc/filebeat.yml @@ -76,9 +77,10 @@ filebeatconfsync: - defaults: INPUTS: {{ salt['pillar.get']('filebeat:config:inputs', {}) }} OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }} + - show_changes: False # Filebeat module config file -filebeatmoduleconfsync: +filebeatmoduleconf: file.managed: - name: /opt/so/conf/filebeat/etc/module-setup.yml - source: salt://filebeat/etc/module-setup.yml @@ -86,6 +88,7 @@ filebeatmoduleconfsync: - group: root - mode: 640 - template: jinja + - show_changes: False sodefaults_module_conf: file.managed: @@ -135,14 +138,21 @@ so-filebeat: {% endfor %} {% endfor %} - watch: - - file: /opt/so/conf/filebeat/etc/filebeat.yml + - file: filebeatconf + - require: + - file: filebeatconf + - file: filebeatmoduleconf + - file: filebeatmoduledir + - x509: conf_filebeat_crt + - x509: conf_filebeat_key + - x509: trusttheca {% if grains.role in ES_INCLUDED_NODES %} run_module_setup: cmd.run: - name: /usr/sbin/so-filebeat-module-setup - require: - - file: filebeatmoduleconfsync + - file: filebeatmoduleconf - docker_container: so-filebeat - onchanges: - docker_container: so-elasticsearch diff --git a/salt/filebeat/thirdpartydefaults.yaml b/salt/filebeat/thirdpartydefaults.yaml index 112ed6d6c..3be8bb901 100644 --- a/salt/filebeat/thirdpartydefaults.yaml +++ b/salt/filebeat/thirdpartydefaults.yaml @@ -244,6 +244,23 @@ third_party_filebeat: var.input: udp var.syslog_host: 0.0.0.0 var.syslog_port: 9501 + threatintel: + abuseurl: + enabled: false + abusemalware: + enabled: false + misp: + enabled: false + malwarebazaar: + enabled: false + otx: + enabled: false + anomali: + enabled: false + anomalithreatstream: + enabled: false + recordedfuture: + enabled: false zscaler: zia: enabled: false diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml index d3fb79117..d5fca081f 100644 --- a/salt/firewall/assigned_hostgroups.map.yaml +++ b/salt/firewall/assigned_hostgroups.map.yaml @@ -162,6 +162,9 @@ role: elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} + endgame: + portgroups: + - {{ portgroups.endgame }} osquery_endpoint: portgroups: - {{ portgroups.fleet_api }} @@ -248,6 +251,9 @@ role: elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} + endgame: + portgroups: + - {{ portgroups.endgame }} osquery_endpoint: portgroups: - {{ portgroups.fleet_api }} @@ -337,6 +343,9 @@ role: elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} + endgame: + portgroups: + - {{ portgroups.endgame }} osquery_endpoint: portgroups: - {{ portgroups.fleet_api }} @@ -594,4 +603,4 @@ role: - {{ portgroups.all }} minion: portgroups: - - {{ portgroups.salt_manager }} \ No newline at end of file + - {{ portgroups.salt_manager }} diff --git a/salt/firewall/portgroups.yaml b/salt/firewall/portgroups.yaml index 1386267f5..d81d00d6a 100644 --- a/salt/firewall/portgroups.yaml +++ b/salt/firewall/portgroups.yaml @@ -39,6 +39,9 @@ firewall: elasticsearch_rest: tcp: - 9200 + endgame: + tcp: + - 3765 fleet_api: tcp: - 8090 diff --git a/salt/fleet/event_update-enroll-secret.sls b/salt/fleet/event_update-enroll-secret.sls index 609020247..475c3e968 100644 --- a/salt/fleet/event_update-enroll-secret.sls +++ b/salt/fleet/event_update-enroll-secret.sls @@ -1,4 +1,4 @@ -{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %} +{% set ENROLLSECRET = salt['cmd.shell']('docker exec so-fleet fleetctl get enroll-secret --json | jq -r ".spec.secrets[].secret"') %} so/fleet: event.send: diff --git a/salt/fleet/files/packs/osquery-config.conf b/salt/fleet/files/packs/osquery-config.conf index 4ce82cb8d..23307b391 100644 --- a/salt/fleet/files/packs/osquery-config.conf +++ b/salt/fleet/files/packs/osquery-config.conf @@ -1,31 +1,34 @@ +--- apiVersion: v1 -kind: options +kind: config spec: - config: - decorators: - always: - - SELECT codename FROM os_version; - - SELECT uuid AS live_query FROM system_info; - - SELECT address AS endpoint_ip1 FROM interface_addresses where address not - like '%:%' and address not like '127%' and address not like '169%' order by - interface desc limit 1; - - SELECT address AS endpoint_ip2 FROM interface_addresses where address not - like '%:%' and address not like '127%' and address not like '169%' order by - interface asc limit 1; - - SELECT hardware_serial FROM system_info; - - SELECT hostname AS hostname FROM system_info; - options: - decorations_top_level: true - disable_distributed: false - distributed_interval: 10 - distributed_plugin: tls - distributed_tls_max_attempts: 3 - distributed_tls_read_endpoint: /api/v1/osquery/distributed/read - distributed_tls_write_endpoint: /api/v1/osquery/distributed/write - enable_windows_events_publisher: true - enable_windows_events_subscriber: true - logger_plugin: tls - logger_tls_endpoint: /api/v1/osquery/log - logger_tls_period: 10 - pack_delimiter: _ - overrides: {} + agent_options: + config: + decorators: + always: + - SELECT codename FROM os_version; + - SELECT uuid AS live_query FROM system_info; + - SELECT address AS endpoint_ip1 FROM interface_addresses where address not + like '%:%' and address not like '127%' and address not like '169%' order by + interface desc limit 1; + - SELECT address AS endpoint_ip2 FROM interface_addresses where address not + like '%:%' and address not like '127%' and address not like '169%' order by + interface asc limit 1; + - SELECT hardware_serial FROM system_info; + - SELECT hostname AS hostname FROM system_info; + options: + decorations_top_level: true + disable_distributed: false + distributed_interval: 10 + distributed_plugin: tls + distributed_tls_max_attempts: 3 + distributed_tls_read_endpoint: /api/v1/osquery/distributed/read + distributed_tls_write_endpoint: /api/v1/osquery/distributed/write + enable_windows_events_publisher: true + enable_windows_events_subscriber: true + logger_plugin: tls + logger_tls_endpoint: /api/v1/osquery/log + logger_tls_period: 10 + pack_delimiter: _ + server_settings: + enable_analytics: false \ No newline at end of file diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls index 1bb4e73d6..8039485c7 100644 --- a/salt/fleet/init.sls +++ b/salt/fleet/init.sls @@ -17,6 +17,7 @@ include: + - ssl - mysql # Fleet Setup @@ -114,20 +115,20 @@ so-fleet: - port_bindings: - 0.0.0.0:8080:8080 - environment: - - KOLIDE_MYSQL_ADDRESS={{ MAINIP }}:3306 - - KOLIDE_REDIS_ADDRESS={{ MAINIP }}:6379 - - KOLIDE_MYSQL_DATABASE=fleet - - KOLIDE_MYSQL_USERNAME=fleetdbuser - - KOLIDE_MYSQL_PASSWORD={{ FLEETPASS }} - - KOLIDE_SERVER_CERT=/ssl/server.cert - - KOLIDE_SERVER_KEY=/ssl/server.key - - KOLIDE_LOGGING_JSON=true - - KOLIDE_AUTH_JWT_KEY= {{ FLEETJWT }} - - KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/fleet/status.log - - KOLIDE_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log - - KOLIDE_SERVER_URL_PREFIX=/fleet - - KOLIDE_FILESYSTEM_ENABLE_LOG_ROTATION=true - - KOLIDE_FILESYSTEM_ENABLE_LOG_COMPRESSION=true + - FLEET_MYSQL_ADDRESS={{ MAINIP }}:3306 + - FLEET_REDIS_ADDRESS={{ MAINIP }}:6379 + - FLEET_MYSQL_DATABASE=fleet + - FLEET_MYSQL_USERNAME=fleetdbuser + - FLEET_MYSQL_PASSWORD={{ FLEETPASS }} + - FLEET_SERVER_CERT=/ssl/server.cert + - FLEET_SERVER_KEY=/ssl/server.key + - FLEET_LOGGING_JSON=true + - FLEET_AUTH_JWT_KEY= {{ FLEETJWT }} + - FLEET_FILESYSTEM_STATUS_LOG_FILE=/var/log/fleet/status.log + - FLEET_FILESYSTEM_RESULT_LOG_FILE=/var/log/osquery/result.log + - FLEET_SERVER_URL_PREFIX=/fleet + - FLEET_FILESYSTEM_ENABLE_LOG_ROTATION=true + - FLEET_FILESYSTEM_ENABLE_LOG_COMPRESSION=true - binds: - /etc/pki/fleet.key:/ssl/server.key:ro - /etc/pki/fleet.crt:/ssl/server.cert:ro @@ -136,10 +137,13 @@ so-fleet: - /opt/so/conf/fleet/packs:/packs - watch: - /opt/so/conf/fleet/etc + - require: + - x509: fleet_key + - x509: fleet_crt append_so-fleet_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - text: so-fleet -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja new file mode 100644 index 000000000..23060a2fb --- /dev/null +++ b/salt/grafana/dashboards/common_template.json.jinja @@ -0,0 +1,62 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "{{TITLE}}", + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": {{ ID }}, + "iteration": 1625757047565, + "links": [], + "panels": [ +{% for panel in PANELS -%} +{%- import_json "grafana/panels/" ~ panel ~ ".json.jinja" as panel %} +{{ panel | json }} {% if not loop.last %},{% endif %} +{% endfor -%} + ], + "refresh": "5m", + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": [ +{% for template in TEMPLATES.keys() -%} +{%- import_json "grafana/templates/" ~ template ~ ".json" as template %} +{{ template | json }} {% if not loop.last %},{% endif %} +{% endfor -%} + ] + }, + "time": { + "from": "now-3h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "browser", + "title": "{{ TITLE }}", + {% if TITLE | lower == 'security onion grid overview' %} + "uid": "so_overview", + {% endif %} + "version": 1 +} diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json deleted file mode 100644 index aa1588a07..000000000 --- a/salt/grafana/dashboards/eval/eval.json +++ /dev/null @@ -1,6305 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of Evaluation Mode", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "links": [], - "panels": [ - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "id": 39, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [], - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Usage", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 71, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Capture Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 21, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suricata Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 19, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 75, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 77, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 35, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 10, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashes": true, - "fill": 0, - "linewidth": 4, - "spaceLength": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ES Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "decbytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 10 - }, - "hiddenSeries": false, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 10 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 15 - }, - "id": 33, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - ES Documents", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 15 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Store Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 15 - }, - "id": 37, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "healthcheck", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "zeek_restart" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Zeek Restarts via Healthcheck", - "type": "stat" - }, - { - "cacheTimeout": null, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 1209600, - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(245, 54, 54, 0.9)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 259200 - }, - { - "color": "rgba(50, 172, 45, 0.97)", - "value": 432000 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 15 - }, - "id": 22, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "gauge" - }, - { - "aliasColors": { - "#cpu": "green", - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 20 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 20 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 20 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Monitor Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 27 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 27 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 27 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 34 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Evaluation Mode - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 10 -} diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json deleted file mode 100644 index 7585706c3..000000000 --- a/salt/grafana/dashboards/manager/manager.json +++ /dev/null @@ -1,6722 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of the Manager", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "iteration": 1625019296449, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 38, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-kibana" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-kibana" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Kibana CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Queue Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Queue Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Queue", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 31, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "deckbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 3, - "interval": "", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Total Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Total Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "decbytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 17 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - }, - { - "alias": "#cpu Current", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 17 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 17 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Blocked Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 24 - }, - "hiddenSeries": false, - "id": 33, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 24 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Read Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 31 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 31 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Proxy Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "description": null, - "error": null, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 3, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Manager Node - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 19 -} diff --git a/salt/grafana/dashboards/managersearch/managersearch.json b/salt/grafana/dashboards/managersearch/managersearch.json deleted file mode 100644 index eae0cda10..000000000 --- a/salt/grafana/dashboards/managersearch/managersearch.json +++ /dev/null @@ -1,7535 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of a ManagerSearch Node", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "iteration": 1625012701746, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 39, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 33, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 43, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "container_name", - "operator": "=", - "value": "so-kibana" - }, - { - "condition": "AND", - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "container_name", - "operator": "=", - "value": "so-kibana" - }, - { - "condition": "AND", - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Kibana CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 49, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Queue Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Queue Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Queue", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 55, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 53, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 57, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "deckbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashes": true, - "fill": 0, - "linewidth": 4, - "spaceLength": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Count Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Documents Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 10 - }, - "hiddenSeries": false, - "id": 37, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Fielddata Cache Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 15 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "#cpu Current", - "fill": 0 - }, - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 15 - }, - "hiddenSeries": false, - "id": 29, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 15 - }, - "hiddenSeries": false, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Count Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Thread Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 15 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Store Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "decbytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "hiddenSeries": false, - "id": 45, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"rx_bytes\"), 1s) *8 FROM \"docker_container_net\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-influxdb') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - " *8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT non_negative_derivative(mean(\"rx_bytes\"), 1s) *8 FROM \"docker_container_net\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-influxdb') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - " *8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "hiddenSeries": false, - "id": 31, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mem_heap_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_mem_heap_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Heap Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 25 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 25 - }, - "hiddenSeries": false, - "id": 47, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Proxy Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 25 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Total Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Total Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 30 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 30 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - IO Wait", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 30 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 35 - }, - "hiddenSeries": false, - "id": 76, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": false - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "EPS Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "EPS Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Estimated EPS", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "EPS", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "description": null, - "error": null, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "ManagerSearch Node - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 11 -} diff --git a/salt/grafana/dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json deleted file mode 100644 index dd2430b00..000000000 --- a/salt/grafana/dashboards/search_nodes/searchnode.json +++ /dev/null @@ -1,5466 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of a Search Node", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "iteration": 1625015408259, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 39, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 33, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Count Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Documents Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 37, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Fielddata Cache Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 31, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mem_heap_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_mem_heap_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Heap Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Store Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "decbytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Count Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Thread Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - IO Wait", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Total Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Total Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 16 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "#cpu Current", - "fill": 0 - }, - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 16 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 16 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 24 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 24 - }, - "hiddenSeries": false, - "id": 29, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "description": null, - "error": null, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Search Node - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 13 -} diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json deleted file mode 100644 index 2bdb0ff12..000000000 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ /dev/null @@ -1,6341 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of Sensors", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "iteration": 1625017205779, - "links": [], - "panels": [ - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "id": 39, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Capture Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 21, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suricata Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 19, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "s" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Oldest Pcap Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Oldest Pcap Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Retention", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 10, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "active" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_active" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 10 - }, - "hiddenSeries": false, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 10 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 15 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 15 - }, - "id": 37, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "healthcheck", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "zeek_restart" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Zeek Restarts via Healthcheck", - "type": "stat" - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 15 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "InBound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "OutBound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "InBound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "OutBound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 20 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 20 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 20 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "InBound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - }, - { - "alias": "InBound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Monitor Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 27 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "#cpu Current", - "fill": 0 - }, - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 27 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 27 - }, - "hiddenSeries": false, - "id": 29, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "InBound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ] - }, - { - "alias": "OutBound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ] - }, - { - "alias": "InBound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ] - }, - { - "alias": "OutBound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Filebeat Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "description": null, - "error": null, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 3, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Sensor Node - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 15 -} diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json deleted file mode 100644 index 5f70b922d..000000000 --- a/salt/grafana/dashboards/standalone/standalone.json +++ /dev/null @@ -1,10257 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of Standalone Mode", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "iteration": 1625018989654, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 39, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 35, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 43, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "container_name", - "operator": "=", - "value": "so-kibana" - }, - { - "condition": "AND", - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "container_name", - "operator": "=", - "value": "so-kibana" - }, - { - "condition": "AND", - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Kibana CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 21, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suricata Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 19, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 45, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": true, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": true, - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": true, - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "super-light-blue" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 10 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "#cpu": "green", - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 15 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - }, - { - "alias": "#cpu Current", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "light-orange" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 15 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Monitor Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 15 - }, - "id": 37, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "healthcheck", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "zeek_restart" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Zeek Restarts via Healthcheck", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "s" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 15 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Oldest Pcap Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Oldest Pcap Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Retention", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Blocked Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "hiddenSeries": false, - "id": 47, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 20 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 20 - }, - "hiddenSeries": false, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 25 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 25 - }, - "hiddenSeries": false, - "id": 49, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 25 - }, - "hiddenSeries": false, - "id": 71, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Capture Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 25 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 30 - }, - "hiddenSeries": false, - "id": 53, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Wait Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Wait Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - IO Wait", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 30 - }, - "hiddenSeries": false, - "id": 51, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Proxy Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 30 - }, - "hiddenSeries": false, - "id": 69, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "deckbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 30 - }, - "hiddenSeries": false, - "id": 55, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Queue Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Queue Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Queue", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 35 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Read Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 35 - }, - "hiddenSeries": false, - "id": 76, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": false - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "EPS Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "EPS Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Estimated EPS", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "EPS", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 35 - }, - "hiddenSeries": false, - "id": 61, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 35 - }, - "hiddenSeries": false, - "id": 59, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "/{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "/{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 40 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 40 - }, - "id": 33, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - ES Documents", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 40 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Store Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 40 - }, - "hiddenSeries": false, - "id": 65, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Count Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Thread Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 40 - }, - "hiddenSeries": false, - "id": 63, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Fielddata Cache Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 45 - }, - "hiddenSeries": false, - "id": 67, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Total Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Total Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "description": null, - "error": null, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 3, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Standalone Mode - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 17 -} diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 171f679e3..77500778c 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -23,4 +23,2813 @@ grafana: # config_file: /etc/grafana/config/files/ldap.toml # allow_sign_up: true # enterprise: -# license_path: /opt/so/conf/grafana/etc/files/license.jwt \ No newline at end of file +# license_path: /opt/so/conf/grafana/etc/files/license.jwt + dashboards: + overview: + title: 'Security Onion Grid Overview' + templating: + list: + servername: + text: All + value: "$__all" + role: + allValue: true + multi: true + hide: 0 + text: All + value: "$__all" + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime_graph: + gridPos: + x: 0 + y: 1 + h: 8 + w: 12 + uptime_docker_combined_current_graph: + gridPos: + x: 12 + y: 1 + h: 8 + w: 12 + cpu_usage_current_graph: + gridPos: + x: 0 + y: 9 + h: 8 + w: 24 + memory_usage_percent_graph: + gridPos: + x: 0 + y: 17 + h: 8 + w: 24 + disk_usage_root_percent_graph: + gridPos: + x: 0 + y: 25 + h: 8 + w: 24 + disk_usage_nsm_percent_graph: + gridPos: + x: 0 + y: 33 + h: 8 + w: 24 + swap_usage_percent_graph: + gridPos: + x: 0 + y: 41 + h: 8 + w: 24 + io_wait_graph: + gridPos: + x: 0 + y: 49 + h: 8 + w: 24 + + row_network: + gridPos: + x: 0 + y: 57 + h: 1 + w: 24 + management_interface_traffic_inbound_graph: + gridPos: + x: 0 + y: 58 + h: 8 + w: 24 + management_interface_traffic_outbound_graph: + gridPos: + x: 0 + y: 64 + h: 8 + w: 24 + management_interface_drops_inbound_graph: + gridPos: + x: 0 + y: 72 + h: 8 + w: 24 + management_interface_drops_outbound_graph: + gridPos: + x: 0 + y: 80 + h: 8 + w: 24 + monitor_interface_traffic_inbound_graph: + gridPos: + x: 0 + y: 88 + h: 8 + w: 24 + monitor_interface_drops_inbound_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + + row_packet_loss: + gridPos: + x: 0 + y: 104 + h: 1 + w: 24 + zeek_packet_loss_graph: + gridPos: + x: 0 + y: 105 + h: 8 + w: 24 + hideTrend: true + suricata_packet_loss_graph: + gridPos: + x: 0 + y: 113 + h: 8 + w: 24 + hideTrend: true + stenographer_packet_loss_graph: + gridPos: + x: 0 + y: 121 + h: 8 + w: 24 + hideTrend: true + + row_cpu: + gridPos: + x: 0 + y: 999 + h: 1 + w: 24 + cpu_usage_tasks_running_graph: + gridPos: + x: 0 + y: 1000 + h: 8 + w: 24 + cpu_usage_tasks_zombies_graph: + gridPos: + x: 0 + y: 1008 + h: 8 + w: 12 + cpu_usage_tasks_stopped_graph: + gridPos: + x: 12 + y: 1008 + h: 8 + w: 12 + cpu_usage_tasks_sleeping_graph: + gridPos: + x: 0 + y: 1016 + h: 8 + w: 12 + cpu_usage_tasks_blocked_graph: + gridPos: + x: 12 + y: 1016 + h: 8 + w: 12 + cpu_usage_tasks_paging_graph: + gridPos: + x: 0 + y: 1024 + h: 8 + w: 12 + cpu_usage_tasks_unknown_graph: + gridPos: + x: 12 + y: 1024 + h: 8 + w: 12 + + + standalone: + templating: + list: + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + pcap_retention_stat: + gridPos: + x: 18 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + logstash_estimated_eps_in_stat: + gridPos: + x: 0 + y: 5 + h: 4 + w: 4 + redis_queue_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + monitor_interface_traffic_stat: + gridPos: + x: 8 + y: 5 + h: 4 + w: 4 + zeek_packet_loss_stat: + gridPos: + x: 12 + y: 5 + h: 4 + w: 4 + suricata_packet_loss_stat: + gridPos: + x: 16 + y: 5 + h: 4 + w: 4 + stenographer_packet_loss_stat: + gridPos: + x: 20 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_all_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_interface_traffic_both_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + monitor_interface_traffic_both_graph: + gridPos: + x: 0 + y: 61 + h: 8 + w: 24 + monitor_interface_packets_graph: + gridPos: + x: 0 + y: 69 + h: 8 + w: 12 + monitor_interface_drops_graph: + gridPos: + x: 12 + y: 69 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_logstash: + gridPos: + x: 0 + y: 152 + h: 1 + w: 24 + logstash_estimated_eps_in_graph: + gridPos: + x: 0 + y: 153 + h: 8 + w: 24 + + row_elasticsearch: + gridPos: + x: 0 + y: 161 + h: 1 + w: 24 + elasticsearch_document_count_graph: + gridPos: + x: 0 + y: 162 + h: 8 + w: 12 + elasticsearch_thread_count_graph: + gridPos: + x: 12 + y: 162 + h: 8 + w: 12 + elasticsearch_store_size_graph: + gridPos: + x: 0 + y: 170 + h: 8 + w: 12 + elasticsearch_field_data_cache_size_graph: + gridPos: + x: 12 + y: 170 + h: 8 + w: 12 + + row_redis: + gridPos: + x: 0 + y: 178 + h: 1 + w: 24 + redis_queue_graph: + gridPos: + x: 0 + y: 179 + h: 8 + w: 24 + + row_zeek: + gridPos: + x: 0 + y: 187 + h: 1 + w: 24 + zeek_packet_loss_graph: + gridPos: + x: 0 + y: 188 + h: 8 + w: 12 + zeek_capture_loss_graph: + gridPos: + x: 12 + y: 188 + h: 8 + w: 12 + + row_suricata: + gridPos: + x: 0 + y: 196 + h: 1 + w: 24 + suricata_packet_loss_graph: + gridPos: + x: 0 + y: 197 + h: 8 + w: 24 + + row_stenographer: + gridPos: + x: 0 + y: 205 + h: 1 + w: 24 + stenographer_packet_loss_graph: + gridPos: + x: 0 + y: 206 + h: 8 + w: 16 + stenographer_pcap_retention_graph: + gridPos: + x: 16 + y: 206 + h: 8 + w: 8 + + row_influxdb: + gridPos: + x: 0 + y: 214 + h: 1 + w: 24 + influxdb_db_size_graph: + gridPos: + x: 0 + y: 214 + h: 8 + w: 24 + + + manager: + templating: + list: + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + redis_queue_stat: + gridPos: + x: 0 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_all_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_interface_traffic_both_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_elasticsearch: + gridPos: + x: 0 + y: 152 + h: 1 + w: 24 + elasticsearch_document_count_graph: + gridPos: + x: 0 + y: 153 + h: 8 + w: 12 + elasticsearch_thread_count_graph: + gridPos: + x: 12 + y: 153 + h: 8 + w: 12 + elasticsearch_store_size_graph: + gridPos: + x: 0 + y: 161 + h: 8 + w: 12 + elasticsearch_field_data_cache_size_graph: + gridPos: + x: 12 + y: 161 + h: 8 + w: 12 + + row_redis: + gridPos: + x: 0 + y: 169 + h: 1 + w: 24 + redis_queue_graph: + gridPos: + x: 0 + y: 170 + h: 8 + w: 24 + + row_influxdb: + gridPos: + x: 0 + y: 178 + h: 1 + w: 24 + influxdb_db_size_graph: + gridPos: + x: 0 + y: 179 + h: 8 + w: 24 + + + managersearch: + templating: + list: + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + logstash_estimated_eps_in_stat: + gridPos: + x: 0 + y: 5 + h: 4 + w: 4 + redis_queue_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_all_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_interface_traffic_both_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_logstash: + gridPos: + x: 0 + y: 152 + h: 1 + w: 24 + logstash_estimated_eps_in_graph: + gridPos: + x: 0 + y: 153 + h: 8 + w: 24 + + row_elasticsearch: + gridPos: + x: 0 + y: 161 + h: 1 + w: 24 + elasticsearch_document_count_graph: + gridPos: + x: 0 + y: 162 + h: 8 + w: 12 + elasticsearch_thread_count_graph: + gridPos: + x: 12 + y: 162 + h: 8 + w: 12 + elasticsearch_store_size_graph: + gridPos: + x: 0 + y: 170 + h: 8 + w: 12 + elasticsearch_field_data_cache_size_graph: + gridPos: + x: 12 + y: 170 + h: 8 + w: 12 + + row_redis: + gridPos: + x: 0 + y: 178 + h: 1 + w: 24 + redis_queue_graph: + gridPos: + x: 0 + y: 179 + h: 8 + w: 24 + + row_influxdb: + gridPos: + x: 0 + y: 214 + h: 1 + w: 24 + influxdb_db_size_graph: + gridPos: + x: 0 + y: 214 + h: 8 + w: 24 + + + sensor: + templating: + list: + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + pcap_retention_stat: + gridPos: + x: 18 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + monitor_interface_traffic_stat: + gridPos: + x: 8 + y: 5 + h: 4 + w: 4 + zeek_packet_loss_stat: + gridPos: + x: 12 + y: 5 + h: 4 + w: 4 + suricata_packet_loss_stat: + gridPos: + x: 16 + y: 5 + h: 4 + w: 4 + stenographer_packet_loss_stat: + gridPos: + x: 20 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_all_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_interface_traffic_both_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + monitor_interface_traffic_both_graph: + gridPos: + x: 0 + y: 61 + h: 8 + w: 24 + monitor_interface_traffic_inbound_total_graph: + gridPos: + x: 0 + y: 69 + h: 8 + w: 24 + monitor_interface_packets_graph: + gridPos: + x: 0 + y: 77 + h: 8 + w: 12 + monitor_interface_drops_graph: + gridPos: + x: 12 + y: 77 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 85 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 86 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 86 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 94 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 95 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 95 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 95 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 103 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 152 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 152 + h: 8 + w: 12 + + row_zeek: + gridPos: + x: 0 + y: 160 + h: 1 + w: 24 + zeek_packet_loss_graph: + gridPos: + x: 0 + y: 161 + h: 8 + w: 12 + zeek_capture_loss_graph: + gridPos: + x: 12 + y: 161 + h: 8 + w: 12 + + row_suricata: + gridPos: + x: 0 + y: 169 + h: 1 + w: 24 + suricata_packet_loss_graph: + gridPos: + x: 0 + y: 170 + h: 8 + w: 24 + + row_stenographer: + gridPos: + x: 0 + y: 178 + h: 1 + w: 24 + stenographer_packet_loss_graph: + gridPos: + x: 0 + y: 179 + h: 8 + w: 16 + stenographer_pcap_retention_graph: + gridPos: + x: 16 + y: 179 + h: 8 + w: 8 + + + searchnode: + templating: + list: + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + logstash_estimated_eps_in_stat: + gridPos: + x: 0 + y: 5 + h: 4 + w: 4 + logstash_estimated_eps_out_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_all_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_interface_traffic_both_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_logstash: + gridPos: + x: 0 + y: 152 + h: 1 + w: 24 + logstash_estimated_eps_in_graph: + gridPos: + x: 0 + y: 153 + h: 8 + w: 24 + logstash_estimated_eps_in_total_graph: + gridPos: + x: 0 + y: 161 + h: 8 + w: 24 + logstash_estimated_eps_out_graph: + gridPos: + x: 0 + y: 169 + h: 8 + w: 24 + logstash_estimated_eps_out_total_graph: + gridPos: + x: 0 + y: 172 + h: 8 + w: 24 + + + heavynode: + templating: + list: + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + pcap_retention_stat: + gridPos: + x: 18 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + logstash_estimated_eps_in_stat: + gridPos: + x: 0 + y: 5 + h: 4 + w: 4 + monitor_interface_traffic_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + zeek_packet_loss_stat: + gridPos: + x: 8 + y: 5 + h: 4 + w: 4 + suricata_packet_loss_stat: + gridPos: + x: 12 + y: 5 + h: 4 + w: 4 + stenographer_packet_loss_stat: + gridPos: + x: 16 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_all_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_interface_traffic_both_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + monitor_interface_traffic_both_graph: + gridPos: + x: 0 + y: 61 + h: 8 + w: 24 + monitor_interface_packets_graph: + gridPos: + x: 0 + y: 69 + h: 8 + w: 12 + monitor_interface_drops_graph: + gridPos: + x: 12 + y: 69 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_logstash: + gridPos: + x: 0 + y: 152 + h: 1 + w: 24 + logstash_estimated_eps_in_graph: + gridPos: + x: 0 + y: 153 + h: 8 + w: 24 + + row_zeek: + gridPos: + x: 0 + y: 170 + h: 1 + w: 24 + zeek_packet_loss_graph: + gridPos: + x: 0 + y: 171 + h: 8 + w: 12 + zeek_capture_loss_graph: + gridPos: + x: 12 + y: 171 + h: 8 + w: 12 + + row_suricata: + gridPos: + x: 0 + y: 179 + h: 1 + w: 24 + suricata_packet_loss_graph: + gridPos: + x: 0 + y: 180 + h: 8 + w: 24 + + row_stenographer: + gridPos: + x: 0 + y: 188 + h: 1 + w: 24 + stenographer_packet_loss_graph: + gridPos: + x: 0 + y: 189 + h: 8 + w: 16 + stenographer_pcap_retention_graph: + gridPos: + x: 16 + y: 189 + h: 8 + w: 8 + + + eval: + templating: + list: + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + pcap_retention_stat: + gridPos: + x: 18 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + redis_queue_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + monitor_interface_traffic_stat: + gridPos: + x: 8 + y: 5 + h: 4 + w: 4 + zeek_packet_loss_stat: + gridPos: + x: 12 + y: 5 + h: 4 + w: 4 + suricata_packet_loss_stat: + gridPos: + x: 16 + y: 5 + h: 4 + w: 4 + stenographer_packet_loss_stat: + gridPos: + x: 20 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_all_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_interface_traffic_both_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + monitor_interface_traffic_both_graph: + gridPos: + x: 0 + y: 61 + h: 8 + w: 24 + monitor_interface_packets_graph: + gridPos: + x: 0 + y: 69 + h: 8 + w: 12 + monitor_interface_drops_graph: + gridPos: + x: 12 + y: 69 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_elasticsearch: + gridPos: + x: 0 + y: 161 + h: 1 + w: 24 + elasticsearch_document_count_graph: + gridPos: + x: 0 + y: 162 + h: 8 + w: 12 + elasticsearch_thread_count_graph: + gridPos: + x: 12 + y: 162 + h: 8 + w: 12 + elasticsearch_store_size_graph: + gridPos: + x: 0 + y: 170 + h: 8 + w: 12 + elasticsearch_field_data_cache_size_graph: + gridPos: + x: 12 + y: 170 + h: 8 + w: 12 + + row_redis: + gridPos: + x: 0 + y: 178 + h: 1 + w: 24 + redis_queue_graph: + gridPos: + x: 0 + y: 179 + h: 8 + w: 24 + + row_zeek: + gridPos: + x: 0 + y: 187 + h: 1 + w: 24 + zeek_packet_loss_graph: + gridPos: + x: 0 + y: 188 + h: 8 + w: 12 + zeek_capture_loss_graph: + gridPos: + x: 12 + y: 188 + h: 8 + w: 12 + + row_suricata: + gridPos: + x: 0 + y: 196 + h: 1 + w: 24 + suricata_packet_loss_graph: + gridPos: + x: 0 + y: 197 + h: 8 + w: 24 + + row_stenographer: + gridPos: + x: 0 + y: 205 + h: 1 + w: 24 + stenographer_packet_loss_graph: + gridPos: + x: 0 + y: 206 + h: 8 + w: 16 + stenographer_pcap_retention_graph: + gridPos: + x: 16 + y: 206 + h: 8 + w: 8 + + row_influxdb: + gridPos: + x: 0 + y: 214 + h: 1 + w: 24 + influxdb_db_size_graph: + gridPos: + x: 0 + y: 214 + h: 8 + w: 24 + + + pipeline_overview_nontc: + title: 'Pipeline Overview' + templating: + list: + searchnode: + includeAll: true + multi: true + hide: 2 + text: All + value: "$__all" + panels: + redis_queue_graph: + gridPos: + x: 0 + y: 0 + h: 8 + w: 8 + logstash_eps_in_out_manager_graph: + gridPos: + x: 8 + y: 0 + h: 8 + w: 8 + logstash_indexing_eps_in_searchnode_total_graph: + gridPos: + x: 16 + y: 0 + h: 8 + w: 8 + logstash_indexing_eps_in_out_searchnode_graph: + gridPos: + x: 0 + y: 8 + h: 8 + w: 24 + elasticsearch_ingest_performance_nontc_graph: + gridPos: + x: 0 + y: 16 + h: 8 + w: 24 + elasticsearch_pipeline_time_nontc_graph: + gridPos: + x: 0 + y: 24 + h: 8 + w: 24 + + + pipeline_overview_tc: + title: 'Pipeline Overview' + templating: + list: + searchnode: + includeAll: true + multi: true + hide: 2 + text: All + value: "$__all" + cluster_name: + includeAll: true + multi: true + hide: 2 + text: All + value: "$__all" + panels: + redis_queue_graph: + gridPos: + x: 0 + y: 0 + h: 8 + w: 8 + logstash_eps_in_out_manager_graph: + gridPos: + x: 8 + y: 0 + h: 8 + w: 8 + logstash_indexing_eps_in_searchnode_total_graph: + gridPos: + x: 16 + y: 0 + h: 8 + w: 8 + logstash_indexing_eps_in_out_searchnode_graph: + gridPos: + x: 0 + y: 8 + h: 8 + w: 24 + elasticsearch_ingest_performance_tc_graph: + gridPos: + x: 0 + y: 16 + h: 8 + w: 24 + elasticsearch_pipeline_time_tc_graph: + gridPos: + x: 0 + y: 24 + h: 8 + w: 24 diff --git a/salt/grafana/etc/dashboards/dashboard.yml b/salt/grafana/etc/dashboards/dashboard.yml index b00dadc04..2c422069c 100644 --- a/salt/grafana/etc/dashboards/dashboard.yml +++ b/salt/grafana/etc/dashboards/dashboard.yml @@ -1,55 +1,12 @@ apiVersion: 1 providers: +- name: 'Dashboards' + folder: 'Dashboards' + type: file + disableDeletion: false + editable: true + allowUiUpdates: true + options: + path: /etc/grafana/grafana_dashboards/ -{%- if grains['role'] != 'so-eval' %} -- name: 'Manager' - folder: 'Manager' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/manager -- name: 'Manager Search' - folder: 'Manager Search' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/managersearch -- name: 'Sensor Nodes' - folder: 'Sensor Nodes' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/sensor_nodes -- name: 'Search Nodes' - folder: 'Search Nodes' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/search_nodes -- name: 'Standalone' - folder: 'Standalone' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/standalone -{%- else %} -- name: 'Security Onion' - folder: 'Eval Mode' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/eval -{% endif %} diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index b6e20bb9d..3034bc679 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -10,9 +10,28 @@ {% import_yaml 'grafana/defaults.yaml' as default_settings %} {% set GRAFANA_SETTINGS = salt['grains.filter_by'](default_settings, default='grafana', merge=salt['pillar.get']('grafana', {})) %} - {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} +{% set ALLOWED_DASHBOARDS = ['overview', 'standalone', 'manager', 'managersearch', 'sensor', 'searchnode', 'heavynode', 'eval'] %} +{% set DASHBOARDS = ['overview'] %} +{% if grains.role == 'so-eval' %} + {% do DASHBOARDS.append('eval') %} +{% else %} + {% if not salt['pillar.get']('elasticsearch:true_cluster', False) %} + {% do DASHBOARDS.append('pipeline_overview_nontc') %} + {% else %} + {% do DASHBOARDS.append('pipeline_overview_tc') %} + {% endif %} + {# Grab a unique listing of nodetypes that exists so that we create only the needed dashboards #} + {% for dashboard in salt['cmd.shell']("ls /opt/so/saltstack/local/pillar/minions/|awk -F'_' {'print $2'}|awk -F'.' {'print $1'}").split() %} + {% if dashboard in ALLOWED_DASHBOARDS %} + {% do DASHBOARDS.append(dashboard) %} + {% endif %} + {% endfor %} +{% endif %} + + + # Grafana all the things grafanadir: file.directory: @@ -35,47 +54,11 @@ grafanadashdir: - group: 939 - makedirs: True -grafanadashmdir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/manager - - user: 939 - - group: 939 - - makedirs: True - -grafanadashmsdir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/managersearch - - user: 939 - - group: 939 - - makedirs: True - -grafanadashsadir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/standalone - - user: 939 - - group: 939 - - makedirs: True - -grafanadashevaldir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/eval - - user: 939 - - group: 939 - - makedirs: True - -grafanadashfndir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes - - user: 939 - - group: 939 - - makedirs: True - -grafanadashsndir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes - - user: 939 - - group: 939 - - makedirs: True +{% for type in ['eval','manager','managersearch','search_nodes','sensor_nodes','standalone'] %} +remove_dashboard_dir_{{type}}: + file.absent: + - name: /opt/so/conf/grafana/grafana_dashboards/{{type}} +{% endfor %} grafana-dashboard-config: file.managed: @@ -114,142 +97,27 @@ grafana-config-files: - group: 939 - source: salt://grafana/etc/files - makedirs: True - -{% if salt['pillar.get']('managertab', False) %} -{% for SN, SNDATA in salt['pillar.get']('managertab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-manager: +so-grafana-dashboard-folder-delete: + cmd.run: + - name: /usr/sbin/so-grafana-dashboard-folder-delete + - unless: ls /opt/so/state/so-grafana-dashboard-folder-delete-complete + +{% for dashboard in DASHBOARDS | unique %} +{{dashboard}}-dashboard: file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/manager/{{ SN }}-Manager.json + - name: /opt/so/conf/grafana/grafana_dashboards/{{dashboard}}.json - user: 939 - group: 939 - template: jinja - - source: salt://grafana/dashboards/manager/manager.json + - source: salt://grafana/dashboards/common_template.json.jinja - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - CPUS: {{ SNDATA.totalcpus }} - UID: so_overview - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - + DASHBOARD: {{ dashboard }} + PANELS: {{GRAFANA_SETTINGS.dashboards[dashboard].panels}} + TEMPLATES: {{GRAFANA_SETTINGS.dashboards[dashboard].templating.list}} + TITLE: {{ GRAFANA_SETTINGS.dashboards[dashboard].get('title', dashboard| capitalize) }} + ID: {{ loop.index }} {% endfor %} -{% endif %} - -{% if salt['pillar.get']('managersearchtab', False) %} -{% for SN, SNDATA in salt['pillar.get']('managersearchtab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-managersearch: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/managersearch/{{ SN }}-ManagerSearch.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/managersearch/managersearch.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - CPUS: {{ SNDATA.totalcpus }} - UID: so_overview - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -{% if salt['pillar.get']('standalonetab', False) %} -{% for SN, SNDATA in salt['pillar.get']('standalonetab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-standalone: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/standalone/{{ SN }}-Standalone.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/standalone/standalone.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - MONINT: {{ SNDATA.monint }} - CPUS: {{ SNDATA.totalcpus }} - UID: so_overview - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -{% if salt['pillar.get']('sensorstab', False) %} -{% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-{{ SN }}: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/sensor_nodes/sensor.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - MONINT: {{ SNDATA.monint }} - CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -{% if salt['pillar.get']('nodestab', False) %} -{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboardsearch-{{ SN }}: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/search_nodes/searchnode.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -{% if salt['pillar.get']('evaltab', False) %} -{% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-{{ SN }}: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/eval/eval.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - MONINT: {{ SNDATA.monint }} - CPUS: {{ SNDATA.totalcpus }} - UID: so_overview - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} so-grafana: docker_container.running: @@ -269,6 +137,8 @@ so-grafana: - 0.0.0.0:3000:3000 - watch: - file: /opt/so/conf/grafana/* + - require: + - file: grafana-config append_so-grafana_so-status.conf: file.append: @@ -283,4 +153,4 @@ append_so-grafana_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja b/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja new file mode 100644 index 000000000..7d0f67135 --- /dev/null +++ b/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja @@ -0,0 +1,223 @@ +{ + "id": 100, + "gridPos": { + "x": {{ PANELS.cpu_docker_combined_current_graph.gridPos.x }}, + "y": {{ PANELS.cpu_docker_combined_current_graph.gridPos.y }}, + "w": {{ PANELS.cpu_docker_combined_current_graph.gridPos.w }}, + "h": {{ PANELS.cpu_docker_combined_current_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Container CPU Usage Current", + "transformations": [], + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "decimals": 1, + "unit": "percent" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/n_cpus/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-red" + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_container_name", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"usage_percent\") FROM \"docker_container_cpu\" WHERE (\"host\" =~ /^$servername$/ AND \"container_name\" =~ /^$containers$/) AND $timeFilter GROUP BY time($__interval), \"container_name\", \"host\" fill(null)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ] + }, + { + "alias": "$tag_host: n_cpus*100", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "n_cpus" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + " * 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja new file mode 100644 index 000000000..2e2dbe797 --- /dev/null +++ b/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja @@ -0,0 +1,220 @@ +{ + "id": 101, + "gridPos": { + "x": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.x }}, + "y": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.y }}, + "w": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.w }}, + "h": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Container CPU Usage Trend", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": true, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "decimals": 1, + "unit": "percent" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/n_cpus/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-red" + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_container_name", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ] + }, + { + "alias": "$tag_host: n_cpus*100", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_n_cpus" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + " * 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "description": "", + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/cpu_usage_current_graph.json.jinja b/salt/grafana/panels/cpu_usage_current_graph.json.jinja new file mode 100644 index 000000000..15c70cedd --- /dev/null +++ b/salt/grafana/panels/cpu_usage_current_graph.json.jinja @@ -0,0 +1,150 @@ +{ + "id": 69001, + "gridPos": { + "x": {{ PANELS.cpu_usage_current_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_current_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_current_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_current_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "CPU Usage", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "percent", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "*-1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/cpu_usage_guage.json.jinja b/salt/grafana/panels/cpu_usage_guage.json.jinja new file mode 100644 index 000000000..d5cd949d8 --- /dev/null +++ b/salt/grafana/panels/cpu_usage_guage.json.jinja @@ -0,0 +1,126 @@ +{ + "id": 9, + "gridPos": { + "x": {{ PANELS.cpu_usage_guage.gridPos.x }}, + "y": {{ PANELS.cpu_usage_guage.gridPos.y }}, + "w": {{ PANELS.cpu_usage_guage.gridPos.w }}, + "h": {{ PANELS.cpu_usage_guage.gridPos.h }} + }, + "type": "gauge", + "title": "CPU usage", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 70 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 + } + ] + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "color": { + "mode": "thresholds" + }, + "max": 100, + "min": 0, + "unit": "percent" + }, + "overrides": [] + }, + "interval": "30", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ], + "orderByTime": "ASC" + } + ], + "maxDataPoints": null, + "cacheTimeout": null +} diff --git a/salt/grafana/panels/cpu_usage_tasks_all_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_all_graph.json.jinja new file mode 100644 index 000000000..dea4c3d8c --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_all_graph.json.jinja @@ -0,0 +1,193 @@ +{ + "id": 61871, + "gridPos": { + "x": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "CPU Usage", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($__interval), *", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [], + "hide": false + }, + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(mean_usage_user) as \"trend_user\", mean(mean_usage_system) as \"trend_system\", mean(mean_usage_softirq) as \"trend_softirq\", mean(mean_usage_steal) as \"trend_steal\", mean(mean_usage_nice) as \"trend_nice\", mean(mean_usage_irq) as \"trend_irq\", mean(mean_usage_iowait) as \"trend_iowait\", mean(mean_usage_guest) as \"trend_guest\", mean(mean_usage_guest_nice) as \"trend_guest_nice\" FROM \"so_long_term\".\"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($__interval), * fill(linear)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "percent", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja new file mode 100644 index 000000000..6a7371038 --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja @@ -0,0 +1,124 @@ +{ + "id": 69005, + "gridPos": { + "x": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "CPU Tasks Blocked", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(blocked) as blocked FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "timeFrom": null, + "timeShift": null, + "interval": "30s" +} diff --git a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja new file mode 100644 index 000000000..2f56dffaa --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja @@ -0,0 +1,124 @@ +{ + "id": 69008, + "gridPos": { + "x": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "CPU Tasks Paging", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(paging) as paging FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "interval": "30s", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja new file mode 100644 index 000000000..657321696 --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja @@ -0,0 +1,124 @@ +{ + "id": 69003, + "gridPos": { + "x": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "CPU Tasks Running", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(running) as running FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "timeFrom": null, + "timeShift": null, + "interval": "30s" +} diff --git a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja new file mode 100644 index 000000000..e88272d2d --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja @@ -0,0 +1,124 @@ +{ + "id": 69006, + "gridPos": { + "x": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "CPU Tasks Sleeping", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(sleeping) as sleeping FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "timeFrom": null, + "timeShift": null, + "interval": "30s" +} diff --git a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja new file mode 100644 index 000000000..d45d59a18 --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja @@ -0,0 +1,124 @@ +{ + "id": 69007, + "gridPos": { + "x": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "CPU Tasks Stopped", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(stopped) as stopped FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "timeFrom": null, + "timeShift": null, + "interval": "30s" +} diff --git a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja new file mode 100644 index 000000000..f0c3005eb --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja @@ -0,0 +1,124 @@ +{ + "id": 69009, + "gridPos": { + "x": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "CPU Tasks Unknown", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "timeFrom": null, + "timeShift": null, + "interval": "30s" +} diff --git a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja new file mode 100644 index 000000000..20149ae3b --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja @@ -0,0 +1,124 @@ +{ + "id": 69004, + "gridPos": { + "x": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "CPU Tasks Zombies", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(zombies) as zombies FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "timeFrom": null, + "timeShift": null, + "interval": "30s" +} diff --git a/salt/grafana/panels/disk_io_bytes_graph.json.jinja b/salt/grafana/panels/disk_io_bytes_graph.json.jinja new file mode 100644 index 000000000..4b9c4c7ff --- /dev/null +++ b/salt/grafana/panels/disk_io_bytes_graph.json.jinja @@ -0,0 +1,189 @@ +{ + "id": 60200, + "gridPos": { + "x": {{ PANELS.disk_io_bytes_graph.gridPos.x }}, + "y": {{ PANELS.disk_io_bytes_graph.gridPos.y }}, + "w": {{ PANELS.disk_io_bytes_graph.gridPos.w }}, + "h": {{ PANELS.disk_io_bytes_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Disk I/O bytes for /dev/$disk", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "links": [], + "unit": "bytes", + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(read_bytes),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(write_bytes),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "scopedVars": { + "disk": { + "text": "sda", + "value": "sda", + "selected": false + } + }, + "maxDataPoints": null, + "repeat": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/disk_io_requests_graph.json.jinja b/salt/grafana/panels/disk_io_requests_graph.json.jinja new file mode 100644 index 000000000..a3f95772c --- /dev/null +++ b/salt/grafana/panels/disk_io_requests_graph.json.jinja @@ -0,0 +1,190 @@ +{ + "id": 13782, + "gridPos": { + "x": {{ PANELS.disk_io_requests_graph.gridPos.x }}, + "y": {{ PANELS.disk_io_requests_graph.gridPos.y }}, + "w": {{ PANELS.disk_io_requests_graph.gridPos.w }}, + "h": {{ PANELS.disk_io_requests_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Disk I/O requests for /dev/$disk", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "links": [], + "unit": "iops", + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(reads),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [], + "hide": false + }, + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(writes),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "scopedVars": { + "disk": { + "text": "sda", + "value": "sda", + "selected": false + } + }, + "maxDataPoints": null, + "repeat": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/disk_io_time_graph.json.jinja b/salt/grafana/panels/disk_io_time_graph.json.jinja new file mode 100644 index 000000000..fa7c7b51e --- /dev/null +++ b/salt/grafana/panels/disk_io_time_graph.json.jinja @@ -0,0 +1,189 @@ +{ + "id": 56720, + "gridPos": { + "x": {{ PANELS.disk_io_time_graph.gridPos.x }}, + "y": {{ PANELS.disk_io_time_graph.gridPos.y }}, + "w": {{ PANELS.disk_io_time_graph.gridPos.w }}, + "h": {{ PANELS.disk_io_time_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Disk I/O time for /dev/$disk", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "links": [], + "unit": "ms", + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(read_time),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(write_time),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "scopedVars": { + "disk": { + "text": "sda", + "value": "sda", + "selected": false + } + }, + "maxDataPoints": null, + "repeat": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/disk_usage_nsm_graph.json.jinja b/salt/grafana/panels/disk_usage_nsm_graph.json.jinja new file mode 100644 index 000000000..90212b681 --- /dev/null +++ b/salt/grafana/panels/disk_usage_nsm_graph.json.jinja @@ -0,0 +1,211 @@ +{ + "id": 68888, + "gridPos": { + "x": {{ PANELS.disk_usage_nsm_graph.gridPos.x }}, + "y": {{ PANELS.disk_usage_nsm_graph.gridPos.y }}, + "w": {{ PANELS.disk_usage_nsm_graph.gridPos.w }}, + "h": {{ PANELS.disk_usage_nsm_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Disk Usage /nsm", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: mountpoint $tag_path - $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: mountpoint $tag_path - $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(mean_total) AS \"trend_total\", mean(mean_used) as \"trend_used\" FROM \"so_long_term\".\"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\" fill(linear)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "bytes", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/total/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#C4162A", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 2 + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja b/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja new file mode 100644 index 000000000..7486b29d9 --- /dev/null +++ b/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja @@ -0,0 +1,149 @@ +{ + "id": 47230, + "gridPos": { + "x": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.x }}, + "y": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.y }}, + "w": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.w }}, + "h": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Disk Usage /nsm", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "percent", + "decimals": 1, + "min": 0, + "max": 100 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "disk", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/disk_usage_root_graph.json.jinja b/salt/grafana/panels/disk_usage_root_graph.json.jinja new file mode 100644 index 000000000..07ac20bbe --- /dev/null +++ b/salt/grafana/panels/disk_usage_root_graph.json.jinja @@ -0,0 +1,211 @@ +{ + "id": 61880, + "gridPos": { + "x": {{ PANELS.disk_usage_root_graph.gridPos.x }}, + "y": {{ PANELS.disk_usage_root_graph.gridPos.y }}, + "w": {{ PANELS.disk_usage_root_graph.gridPos.w }}, + "h": {{ PANELS.disk_usage_root_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Disk Usage /", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: mountpoint $tag_path - $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: mountpoint $tag_path - $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(mean_total) AS \"trend_total\", mean(mean_used) as \"trend_used\" FROM \"so_long_term\".\"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\" fill(linear)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "stepAfter", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "bytes", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/total/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#C4162A", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 2 + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja b/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja new file mode 100644 index 000000000..90cc3ff9b --- /dev/null +++ b/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja @@ -0,0 +1,149 @@ +{ + "id": 67830, + "gridPos": { + "x": {{ PANELS.disk_usage_root_percent_graph.gridPos.x }}, + "y": {{ PANELS.disk_usage_root_percent_graph.gridPos.y }}, + "w": {{ PANELS.disk_usage_root_percent_graph.gridPos.w }}, + "h": {{ PANELS.disk_usage_root_percent_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Disk Usage /", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "percent", + "decimals": 1, + "min": 0, + "max": 100 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "none" + ], + "type": "fill" + } + ], + "measurement": "disk", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/elasticsearch_document_count_graph.json.jinja b/salt/grafana/panels/elasticsearch_document_count_graph.json.jinja new file mode 100644 index 000000000..fd296aeb1 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_document_count_graph.json.jinja @@ -0,0 +1,193 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.elasticsearch_document_count_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_document_count_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_document_count_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_document_count_graph.gridPos.h }} + }, + "id": 33, + "links": [], + "maxDataPoints": 750, + "nullPointMode": "connected", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "docs_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ], + "alias": "Document Count Current" + }, + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_docs_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ], + "alias": "Document Count Trend", + "hide": false + } + ], + "thresholds": [], + "title": "Document Count", + "type": "graph", + "options": { + "alertThreshold": true + }, + "interval": "30s", + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:678" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:679" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": false, + "current": true, + "total": false, + "avg": false, + "alignAsTable": true, + "rightSide": false + }, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:1050", + "alias": "/Trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "timeRegions": [], + "cacheTimeout": null, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja b/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja new file mode 100644 index 000000000..aee84c813 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja @@ -0,0 +1,191 @@ +{ + "aliasColors": {}, + "bars": false, + "maxDataPoints": 750, + "interval": "30s", + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 6363, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Size Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "fielddata_memory_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Size Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_fielddata_memory_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Fielddata Cache Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/elasticsearch_ingest_performance_nontc_graph.json.jinja b/salt/grafana/panels/elasticsearch_ingest_performance_nontc_graph.json.jinja new file mode 100644 index 000000000..0166ae4b6 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_ingest_performance_nontc_graph.json.jinja @@ -0,0 +1,796 @@ +{ + "id": 445549, + "gridPos": { + "x": {{ PANELS.elasticsearch_ingest_performance_nontc_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_ingest_performance_nontc_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_ingest_performance_nontc_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_ingest_performance_nontc_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Elastic Ingest Performance - $searchnode", + "repeat": "searchnode", + "repeatDirection": "v", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "decimals": 0, + "unit": "ms" + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "multi" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean" + ] + } + }, + "targets": [ + { + "alias": "community.id_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_community_id_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "conditionals_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_conditional_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "convert_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_convert_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "data.index.name_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_date_index_name_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "data_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_date_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "dissect_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_dissect_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "dot.expander_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "I", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_dot_expander_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "geoip_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "K", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_geoip_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "grok_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "L", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_grok_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "json_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "O", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_json_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "kv_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "P", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_kv_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "lowercase_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "Q", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_lowercase_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "remove_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "R", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_remove_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "rename_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "S", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_rename_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "script_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "T", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_script_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "url_decodes", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "U", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_user_agent_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + } + ], + "description": "", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/elasticsearch_ingest_performance_tc_graph.json.jinja b/salt/grafana/panels/elasticsearch_ingest_performance_tc_graph.json.jinja new file mode 100644 index 000000000..aaf997836 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_ingest_performance_tc_graph.json.jinja @@ -0,0 +1,793 @@ +{ + "id": 445548, + "gridPos": { + "x": {{ PANELS.elasticsearch_ingest_performance_tc_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_ingest_performance_tc_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_ingest_performance_tc_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_ingest_performance_tc_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Elastic Ingest Performance", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "options": { + "tooltip": { + "mode": "multi" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean" + ] + } + }, + "targets": [ + { + "alias": "community.id_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_community_id_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "conditionals_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_conditional_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "convert_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_convert_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "data.index.name_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_date_index_name_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "data_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_date_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "dissect_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_dissect_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "dot.expander_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "I", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_dot_expander_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "geoip_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "K", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_geoip_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "grok_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "L", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_grok_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "json_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "O", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_json_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "kv_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "P", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_kv_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "lowercase_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "Q", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_lowercase_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "remove_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "R", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_remove_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "rename_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "S", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_rename_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "script_time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "T", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_script_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + }, + { + "alias": "url_decodes", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "U", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ingest_processor_stats_user_agent_time_in_millis" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "ms" + }, + "overrides": [] + }, + "description": "", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/elasticsearch_pipeline_time_nontc_graph.json.jinja b/salt/grafana/panels/elasticsearch_pipeline_time_nontc_graph.json.jinja new file mode 100644 index 000000000..2920ef314 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_pipeline_time_nontc_graph.json.jinja @@ -0,0 +1,153 @@ +{ + "id": 445552, + "gridPos": { + "x": {{ PANELS.elasticsearch_pipeline_time_nontc_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_pipeline_time_nontc_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_pipeline_time_nontc_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_pipeline_time_nontc_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Pipeline Time", + "datasource": "InfluxDB", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "ms" + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "multi" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean" + ] + } + }, + "targets": [ + { + "alias": "$tag_host", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_pipeline_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "role", + "operator": "=~", + "value": "/search/" + }, + { + "key": "role", + "value": "heavynode", + "operator": "=", + "condition": "OR" + }, + { + "key": "role", + "value": "standalone", + "operator": "=", + "condition": "OR" + }, + { + "key": "role", + "value": "eval", + "operator": "=", + "condition": "OR" + } + ] + } + ] +} + + + + + + + diff --git a/salt/grafana/panels/elasticsearch_pipeline_time_tc_graph.json.jinja b/salt/grafana/panels/elasticsearch_pipeline_time_tc_graph.json.jinja new file mode 100644 index 000000000..42ac51038 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_pipeline_time_tc_graph.json.jinja @@ -0,0 +1,129 @@ +{ + "id": 445552, + "gridPos": { + "x": {{ PANELS.elasticsearch_pipeline_time_tc_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_pipeline_time_tc_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_pipeline_time_tc_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_pipeline_time_tc_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Pipeline Time", + "datasource": "InfluxDB", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "ms" + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "multi" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean" + ] + } + }, + "targets": [ + { + "alias": "Time", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_clusterstats_nodes", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "ingest_processor_stats_pipeline_time_in_millis" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_difference", + "params": [] + } + ] + ], + "tags": [ + { + "key": "cluster_name", + "operator": "=", + "value": "$cluster_name" + } + ] + } + ] +} + + + + + + + diff --git a/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja b/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja new file mode 100644 index 000000000..554809b5c --- /dev/null +++ b/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja @@ -0,0 +1,195 @@ +{ + "aliasColors": {}, + "bars": false, + "maxDataPoints": 750, + "interval": "30s", + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.elasticsearch_store_size_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_store_size_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_store_size_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_store_size_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 63442, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Size Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "store_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Size Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_store_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Store Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja b/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja new file mode 100644 index 000000000..e1d8edd98 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja @@ -0,0 +1,192 @@ +{ + "aliasColors": {}, + "bars": false, + "maxDataPoints": 750, + "interval": "30s", + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.elasticsearch_thread_count_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_thread_count_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_thread_count_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_thread_count_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 56565, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Count Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "threads_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Count Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_threads_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Thread Count", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/influxdb_db_size_graph.json.jinja b/salt/grafana/panels/influxdb_db_size_graph.json.jinja new file mode 100644 index 000000000..71d636fe9 --- /dev/null +++ b/salt/grafana/panels/influxdb_db_size_graph.json.jinja @@ -0,0 +1,191 @@ +{ + "aliasColors": {}, + "bars": false, + "maxDataPoints": 750, + "interval": "30s", + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.influxdb_db_size_graph.gridPos.x }}, + "y": {{ PANELS.influxdb_db_size_graph.gridPos.y }}, + "w": {{ PANELS.influxdb_db_size_graph.gridPos.w }}, + "h": {{ PANELS.influxdb_db_size_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 69, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Size Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "influxsize", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "kbytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Size Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "influxsize", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_kbytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "InfluxDB Database Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "deckbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/io_wait_graph.json.jinja b/salt/grafana/panels/io_wait_graph.json.jinja new file mode 100644 index 000000000..9447563ec --- /dev/null +++ b/salt/grafana/panels/io_wait_graph.json.jinja @@ -0,0 +1,148 @@ +{ + "id": 69011, + "gridPos": { + "x": {{ PANELS.io_wait_graph.gridPos.x }}, + "y": {{ PANELS.io_wait_graph.gridPos.y }}, + "w": {{ PANELS.io_wait_graph.gridPos.w }}, + "h": {{ PANELS.io_wait_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "IO Wait", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "percent", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + } + ], + "description": "", + "timeFrom": null, + "timeShift": null, + "interval": "30s" +} diff --git a/salt/grafana/panels/io_wait_stat.json.jinja b/salt/grafana/panels/io_wait_stat.json.jinja new file mode 100644 index 000000000..4fe4a3d8e --- /dev/null +++ b/salt/grafana/panels/io_wait_stat.json.jinja @@ -0,0 +1,125 @@ +{ + "id": 61867, + "gridPos": { + "x": {{ PANELS.io_wait_stat.gridPos.x }}, + "y": {{ PANELS.io_wait_stat.gridPos.y }}, + "w": {{ PANELS.io_wait_stat.gridPos.w }}, + "h": {{ PANELS.io_wait_stat.gridPos.h }} + }, + "type": "stat", + "title": "IOWait", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-green", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 40 + }, + { + "color": "dark-red", + "value": 50 + } + ] + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "color": { + "mode": "thresholds" + }, + "decimals": 2, + "max": 100, + "min": 0, + "unit": "percent" + }, + "overrides": [] + }, + "interval": "30", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE (host =~ /$servername$/ AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + } + ], + "maxDataPoints": null, + "cacheTimeout": null +} diff --git a/salt/grafana/panels/load_average_5_minute_stat.json.jinja b/salt/grafana/panels/load_average_5_minute_stat.json.jinja new file mode 100644 index 000000000..8198a8d19 --- /dev/null +++ b/salt/grafana/panels/load_average_5_minute_stat.json.jinja @@ -0,0 +1,118 @@ +{ + "id": 61859, + "gridPos": { + "x": {{ PANELS.load_average_5_minute_stat.gridPos.x }}, + "y": {{ PANELS.load_average_5_minute_stat.gridPos.y }}, + "w": {{ PANELS.load_average_5_minute_stat.gridPos.w }}, + "h": {{ PANELS.load_average_5_minute_stat.gridPos.h }} + }, + "type": "stat", + "title": "5 Minute Load Average - $cpucount Cores", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": "$cpucount / 1.5" + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": "$cpucount" + } + ] + }, + "mappings": [ + { + "options": { + "from": null, + "result": { + "text": "N/A" + }, + "to": null + }, + "type": "range" + } + ], + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "unit": "none" + }, + "overrides": [] + }, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT last(\"load5\") FROM \"system\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "load5" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "cacheTimeout": null, + "maxDataPoints": null +} diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja new file mode 100644 index 000000000..b92a5ba6c --- /dev/null +++ b/salt/grafana/panels/load_averages_graph.json.jinja @@ -0,0 +1,187 @@ +{ + "id": 61869, + "gridPos": { + "x": {{ PANELS.load_averages_graph.gridPos.x }}, + "y": {{ PANELS.load_averages_graph.gridPos.y }}, + "w": {{ PANELS.load_averages_graph.gridPos.w }}, + "h": {{ PANELS.load_averages_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "1 Minute Load Average", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(load1) as \"1 minute\", last(n_cpus) as \"Total Cores\" FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), * ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(mean_load1) as \"trend_1 minute\" FROM \"so_long_term\".\"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), * fill(linear) ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "short", + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/logstash_eps_in_out_manager_graph.json.jinja b/salt/grafana/panels/logstash_eps_in_out_manager_graph.json.jinja new file mode 100644 index 000000000..7812ca0bd --- /dev/null +++ b/salt/grafana/panels/logstash_eps_in_out_manager_graph.json.jinja @@ -0,0 +1,403 @@ +{ + "id": 77741, + "gridPos": { + "x": {{ PANELS.logstash_eps_in_out_manager_graph.gridPos.x }}, + "y": {{ PANELS.logstash_eps_in_out_manager_graph.gridPos.y }}, + "w": {{ PANELS.logstash_eps_in_out_manager_graph.gridPos.w }}, + "h": {{ PANELS.logstash_eps_in_out_manager_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Manager Logstash Events", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "description": "Events from the grid to redis", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 50, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "EPS", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "decimals": 2, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/Incoming/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/Outgoing/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Incoming hidden" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "Outgoing hidden" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Outgoing hidden" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "Incoming hidden" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Incoming" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Outgoing" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/hidden/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "multi" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean" + ] + } + }, + "targets": [ + { + "alias": "Incoming", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "logstash_events", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "tags": [ + { + "key": "role", + "operator": "=~", + "value": "/^manager/" + }, + { + "key": "role", + "value": "standalone", + "operator": "=", + "condition": "OR" + }, + { + "key": "role", + "value": "eval", + "operator": "=", + "condition": "OR" + } + ] + }, + { + "alias": "Outgoing", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "logstash_events", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "out" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "tags": [ + { + "key": "role", + "operator": "=~", + "value": "/^manager/" + }, + { + "key": "role", + "value": "standalone", + "operator": "=", + "condition": "OR" + }, + { + "key": "role", + "value": "eval", + "operator": "=", + "condition": "OR" + } + ] + }, + { + "alias": "Incoming hidden", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "logstash_events", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "tags": [ + { + "key": "role", + "operator": "=~", + "value": "/^manager/" + }, + { + "key": "role", + "value": "standalone", + "operator": "=", + "condition": "OR" + }, + { + "key": "role", + "value": "eval", + "operator": "=", + "condition": "OR" + } + ] + }, + { + "alias": "Outgoing hidden", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "hide": false, + "measurement": "logstash_events", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "out" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "tags": [ + { + "key": "role", + "operator": "=~", + "value": "/^manager/" + }, + { + "key": "role", + "value": "standalone", + "operator": "=", + "condition": "OR" + }, + { + "key": "role", + "value": "eval", + "operator": "=", + "condition": "OR" + } + ] + } + ], + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/logstash_estimated_eps_in_graph.json.jinja b/salt/grafana/panels/logstash_estimated_eps_in_graph.json.jinja new file mode 100644 index 000000000..c1c9ed39a --- /dev/null +++ b/salt/grafana/panels/logstash_estimated_eps_in_graph.json.jinja @@ -0,0 +1,230 @@ +{ + "id": 76, + "gridPos": { + "x": {{ PANELS.logstash_estimated_eps_in_graph.gridPos.x }}, + "y": {{ PANELS.logstash_estimated_eps_in_graph.gridPos.y }}, + "w": {{ PANELS.logstash_estimated_eps_in_graph.gridPos.w }}, + "h": {{ PANELS.logstash_estimated_eps_in_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Estimated EPS In", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "EPS", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "refId": "A", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "value": "/^$servername$/", + "operator": "=~" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "measurement": "logstash_events", + "alias": "$tag_host: $col", + "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) as \"current_in\" FROM \"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": true + }, + { + "refId": "B", + "hide": false, + "policy": "so_long_term", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "value": "/^$servername$/", + "operator": "=~" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "mean_in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "measurement": "logstash_events", + "alias": "$tag_host: $col", + "query": "SELECT non_negative_derivative(mean(\"mean_in\"), 1s) as \"trend_in\" FROM \"so_long_term\".\"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": true + } + ], + "maxDataPoints": null, + "description": "", + "timeFrom": null, + "timeShift": null, + "transformations": [] +} diff --git a/salt/grafana/panels/logstash_estimated_eps_in_stat.json.jinja b/salt/grafana/panels/logstash_estimated_eps_in_stat.json.jinja new file mode 100644 index 000000000..f492dd4b9 --- /dev/null +++ b/salt/grafana/panels/logstash_estimated_eps_in_stat.json.jinja @@ -0,0 +1,136 @@ +{ + "id": 23, + "gridPos": { + "x": {{ PANELS.logstash_estimated_eps_in_stat.gridPos.x }}, + "y": {{ PANELS.logstash_estimated_eps_in_stat.gridPos.y }}, + "w": {{ PANELS.logstash_estimated_eps_in_stat.gridPos.w }}, + "h": {{ PANELS.logstash_estimated_eps_in_stat.gridPos.h }} + }, + "type": "stat", + "title": "Estimated EPS In - Selected Total", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-red", + "value": null + }, + { + "color": "dark-green", + "value": 1 + } + ] + }, + "mappings": [ + { + "type": "special", + "options": { + "match": "null", + "result": { + "text": "N/A" + } + } + } + ], + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "unit": "short" + }, + "overrides": [] + }, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "value", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "targets": [ + { + "refId": "A", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "value": "/^$servername$/", + "operator": "=~" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "measurement": "logstash_events" + } + ], + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "maxDataPoints": null, + "cacheTimeout": null, + "timeFrom": null +} diff --git a/salt/grafana/panels/logstash_estimated_eps_in_total_graph.json.jinja b/salt/grafana/panels/logstash_estimated_eps_in_total_graph.json.jinja new file mode 100644 index 000000000..42399b5ca --- /dev/null +++ b/salt/grafana/panels/logstash_estimated_eps_in_total_graph.json.jinja @@ -0,0 +1,156 @@ +{ + "id": 69001, + "gridPos": { + "x": {{ PANELS.logstash_estimated_eps_in_total_graph.gridPos.x }}, + "y": {{ PANELS.logstash_estimated_eps_in_total_graph.gridPos.y }}, + "w": {{ PANELS.logstash_estimated_eps_in_total_graph.gridPos.w }}, + "h": {{ PANELS.logstash_estimated_eps_in_total_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Estimated EPS In - Selected Total", + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true, + "alias": "Total EPS" + } + } + ], + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "EPS", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "refId": "A", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "value": "/^$servername$/", + "operator": "=~" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "measurement": "logstash_events", + "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": false + } + ], + "maxDataPoints": null, + "description": "", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/logstash_estimated_eps_out_graph.json.jinja b/salt/grafana/panels/logstash_estimated_eps_out_graph.json.jinja new file mode 100644 index 000000000..16878ee6e --- /dev/null +++ b/salt/grafana/panels/logstash_estimated_eps_out_graph.json.jinja @@ -0,0 +1,230 @@ +{ + "id": 69000, + "gridPos": { + "x": {{ PANELS.logstash_estimated_eps_out_graph.gridPos.x }}, + "y": {{ PANELS.logstash_estimated_eps_out_graph.gridPos.y }}, + "w": {{ PANELS.logstash_estimated_eps_out_graph.gridPos.w }}, + "h": {{ PANELS.logstash_estimated_eps_out_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Estimated EPS Out", + "transformations": [], + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "EPS", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "refId": "A", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "value": "/^$servername$/", + "operator": "=~" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "measurement": "logstash_events", + "alias": "$tag_host: $col", + "query": "SELECT non_negative_derivative(mean(\"out\"), 1s) as \"current_out\" FROM \"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": true + }, + { + "refId": "B", + "hide": false, + "policy": "so_long_term", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "value": "/^$servername$/", + "operator": "=~" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "mean_in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "measurement": "logstash_events", + "alias": "$tag_host: $col", + "query": "SELECT non_negative_derivative(mean(\"mean_out\"), 1s) as \"trend_out\" FROM \"so_long_term\".\"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": true + } + ], + "maxDataPoints": null, + "description": "", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/logstash_estimated_eps_out_stat.json.jinja b/salt/grafana/panels/logstash_estimated_eps_out_stat.json.jinja new file mode 100644 index 000000000..dc87661f5 --- /dev/null +++ b/salt/grafana/panels/logstash_estimated_eps_out_stat.json.jinja @@ -0,0 +1,136 @@ +{ + "id": 22323, + "gridPos": { + "x": {{ PANELS.logstash_estimated_eps_out_stat.gridPos.x }}, + "y": {{ PANELS.logstash_estimated_eps_out_stat.gridPos.y }}, + "w": {{ PANELS.logstash_estimated_eps_out_stat.gridPos.w }}, + "h": {{ PANELS.logstash_estimated_eps_out_stat.gridPos.h }} + }, + "type": "stat", + "title": "Estimated EPS Out - Selected Total", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-red", + "value": null + }, + { + "color": "dark-green", + "value": 1 + } + ] + }, + "mappings": [ + { + "type": "special", + "options": { + "match": "null", + "result": { + "text": "N/A" + } + } + } + ], + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "unit": "short" + }, + "overrides": [] + }, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "value", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "targets": [ + { + "refId": "A", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "value": "/^$servername$/", + "operator": "=~" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "out" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "measurement": "logstash_events" + } + ], + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "maxDataPoints": null, + "cacheTimeout": null, + "timeFrom": null +} diff --git a/salt/grafana/panels/logstash_estimated_eps_out_total_graph.json.jinja b/salt/grafana/panels/logstash_estimated_eps_out_total_graph.json.jinja new file mode 100644 index 000000000..3d1600c39 --- /dev/null +++ b/salt/grafana/panels/logstash_estimated_eps_out_total_graph.json.jinja @@ -0,0 +1,156 @@ +{ + "id": 69002, + "gridPos": { + "x": {{ PANELS.logstash_estimated_eps_out_total_graph.gridPos.x }}, + "y": {{ PANELS.logstash_estimated_eps_out_total_graph.gridPos.y }}, + "w": {{ PANELS.logstash_estimated_eps_out_total_graph.gridPos.w }}, + "h": {{ PANELS.logstash_estimated_eps_out_total_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Estimated EPS Out - Selected Total", + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true, + "alias": "Total EPS" + } + } + ], + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "EPS", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "short", + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "refId": "A", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "value": "/^$servername$/", + "operator": "=~" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "out" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "measurement": "logstash_events", + "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": false + } + ], + "maxDataPoints": null, + "description": "", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/logstash_indexing_eps_in_out_searchnode_graph.json.jinja b/salt/grafana/panels/logstash_indexing_eps_in_out_searchnode_graph.json.jinja new file mode 100644 index 000000000..ab7a569bb --- /dev/null +++ b/salt/grafana/panels/logstash_indexing_eps_in_out_searchnode_graph.json.jinja @@ -0,0 +1,411 @@ +{ + "id": 445554, + "gridPos": { + "x": {{ PANELS.logstash_indexing_eps_in_out_searchnode_graph.gridPos.x }}, + "y": {{ PANELS.logstash_indexing_eps_in_out_searchnode_graph.gridPos.y }}, + "w": {{ PANELS.logstash_indexing_eps_in_out_searchnode_graph.gridPos.w }}, + "h": {{ PANELS.logstash_indexing_eps_in_out_searchnode_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Indexing Events Per Second - $searchnode", + "repeat": "searchnode", + "repeatDirection": "v", + "transformations": [], + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 50, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "EPS", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "decimals": 2, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/Incoming/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/Outgoing/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Incoming hidden" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "Outgoing hidden" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Incoming" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Outgoing" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Outgoing hidden" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "Incoming hidden" + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/hidden/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "multi" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean" + ] + } + }, + "targets": [ + { + "alias": "Incoming", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "logstash_events", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"role\" = \"searchnode\") AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "Outgoing", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "logstash_events", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"role\" = \"searchnode\") AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "out" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "Incoming hidden", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "logstash_events", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"role\" = \"searchnode\") AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + }, + { + "alias": "Outgoing hidden", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "logstash_events", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"role\" = \"searchnode\") AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "out" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$searchnode" + } + ] + } + ], + "description": "", + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/logstash_indexing_eps_in_searchnode_total_graph.json.jinja b/salt/grafana/panels/logstash_indexing_eps_in_searchnode_total_graph.json.jinja new file mode 100644 index 000000000..81876a606 --- /dev/null +++ b/salt/grafana/panels/logstash_indexing_eps_in_searchnode_total_graph.json.jinja @@ -0,0 +1,170 @@ +{ + "id": 69001, + "gridPos": { + "x": {{ PANELS.logstash_indexing_eps_in_searchnode_total_graph.gridPos.x }}, + "y": {{ PANELS.logstash_indexing_eps_in_searchnode_total_graph.gridPos.y }}, + "w": {{ PANELS.logstash_indexing_eps_in_searchnode_total_graph.gridPos.w }}, + "h": {{ PANELS.logstash_indexing_eps_in_searchnode_total_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Total Searchnode Indexing Events Per Second", + "transformations": [ + { + "id": "calculateField", + "options": { + "alias": "Total EPS", + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "EPS", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "fixed", + "fixedColor": "orange" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "decimals": 2, + "unit": "short" + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean" + ] + } + }, + "targets": [ + { + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "logstash_events", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"role\" = \"searchnode\") AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "in" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + } + ] + ], + "tags": [ + { + "key": "role", + "operator": "=~", + "value": "/search/" + }, + { + "key": "role", + "value": "heavynode", + "operator": "=", + "condition": "OR" + }, + { + "key": "role", + "value": "standalone", + "operator": "=", + "condition": "OR" + }, + { + "key": "role", + "value": "eval", + "operator": "=", + "condition": "OR" + } + ] + } + ], + "description": "", + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/management_interface_drops_graph.json.jinja b/salt/grafana/panels/management_interface_drops_graph.json.jinja new file mode 100644 index 000000000..9de6c8f19 --- /dev/null +++ b/salt/grafana/panels/management_interface_drops_graph.json.jinja @@ -0,0 +1,282 @@ +{ + "id": 61877, + "gridPos": { + "x": {{ PANELS.management_interface_drops_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_drops_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_drops_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_drops_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Management Interface Drops", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "maxDataPoints": 750, + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(mean_drop_in), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(mean_drop_out), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", + "rawQuery": true, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "Drops per second", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "pps", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/veth/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "tooltip": true, + "viz": true, + "legend": true + } + } + ] + } + ] + }, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja b/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja new file mode 100644 index 000000000..1ca096743 --- /dev/null +++ b/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja @@ -0,0 +1,142 @@ +{ + "id": 61877, + "gridPos": { + "x": {{ PANELS.management_interface_drops_inbound_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_drops_inbound_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_drops_inbound_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_drops_inbound_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Management Interface Drops - Inbound", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "Drops per second", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "pps", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/veth/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "tooltip": true, + "viz": true, + "legend": true + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja b/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja new file mode 100644 index 000000000..91fcb5b22 --- /dev/null +++ b/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja @@ -0,0 +1,142 @@ +{ + "id": 188189, + "gridPos": { + "x": {{ PANELS.management_interface_drops_outbound_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_drops_outbound_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_drops_outbound_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_drops_outbound_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Management Interface Drops - Outbound", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "Drops per second", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "pps", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/veth/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "tooltip": true, + "viz": true, + "legend": true + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/management_interface_packets_graph.json.jinja b/salt/grafana/panels/management_interface_packets_graph.json.jinja new file mode 100644 index 000000000..b3e429f2f --- /dev/null +++ b/salt/grafana/panels/management_interface_packets_graph.json.jinja @@ -0,0 +1,283 @@ +{ + "id": 61875, + "gridPos": { + "x": {{ PANELS.management_interface_packets_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_packets_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_packets_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_packets_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Management Interface Packets", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [], + "hide": false + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", + "rawQuery": true, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "Packets per second", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "pps", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/veth/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "tooltip": true, + "viz": true, + "legend": true + } + } + ] + } + ] + }, + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/management_interface_traffic_both_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_both_graph.json.jinja new file mode 100644 index 000000000..e15bef885 --- /dev/null +++ b/salt/grafana/panels/management_interface_traffic_both_graph.json.jinja @@ -0,0 +1,409 @@ +{ + "id": 18, + "gridPos": { + "x": {{ PANELS.management_interface_traffic_both_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_traffic_both_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_traffic_both_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_traffic_both_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Management Interface Traffic ", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 2, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "links": [], + "unit": "bps", + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/Trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 4, + 10 + ], + "fill": "dash" + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_interface: RX Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "interface" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$manint$/" + } + ] + }, + { + "alias": "$tag_host: $tag_interface: TX Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "interface" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$manint$/" + } + ] + }, + { + "alias": "$tag_host: $tag_interface: RX Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "interface" + ], + "type": "tag" + }, + { + "params": [ + "linear" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$manint$/" + } + ] + }, + { + "alias": "$tag_host: $tag_interface: TX Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "interface" + ], + "type": "tag" + }, + { + "params": [ + "linear" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$manint$/" + } + ] + } + ], + "description": "", + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja new file mode 100644 index 000000000..3f876a18d --- /dev/null +++ b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja @@ -0,0 +1,164 @@ +{ + "id": 18, + "gridPos": { + "x": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Management Interface Traffic - Inbound", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 2, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "links": [], + "unit": "bps", + "decimals": 1, + "min": 0 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" = '$servername' AND \"interface\" = '$manint') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$manint$/" + } + ] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja new file mode 100644 index 000000000..48817d448 --- /dev/null +++ b/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja @@ -0,0 +1,162 @@ +{ + "id": 69014, + "gridPos": { + "x": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Management Interface Traffic - Outbound", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 2, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "links": [], + "unit": "bps", + "decimals": 1, + "min": 0 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$manint$/" + } + ] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/memory_usage_graph.json.jinja b/salt/grafana/panels/memory_usage_graph.json.jinja new file mode 100644 index 000000000..662eb18c1 --- /dev/null +++ b/salt/grafana/panels/memory_usage_graph.json.jinja @@ -0,0 +1,208 @@ +{ + "id": 61873, + "gridPos": { + "x": {{ PANELS.memory_usage_graph.gridPos.x }}, + "y": {{ PANELS.memory_usage_graph.gridPos.y }}, + "w": {{ PANELS.memory_usage_graph.gridPos.w }}, + "h": {{ PANELS.memory_usage_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Memory Usage", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(mean_total) as trend_total, mean(mean_used) as trend_used, mean(mean_cached) as trend_cached, mean(mean_free) as trend_free, mean(mean_buffered) as trend_buffered FROM \"so_long_term\".\"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host fill(linear) ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "bytes", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/total/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#C4162A", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "maxDataPoints": null, + "description": "", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/memory_usage_percent_graph.json.jinja b/salt/grafana/panels/memory_usage_percent_graph.json.jinja new file mode 100644 index 000000000..620c3ea72 --- /dev/null +++ b/salt/grafana/panels/memory_usage_percent_graph.json.jinja @@ -0,0 +1,139 @@ +{ + "id": 69013, + "gridPos": { + "x": {{ PANELS.memory_usage_percent_graph.gridPos.x }}, + "y": {{ PANELS.memory_usage_percent_graph.gridPos.y }}, + "w": {{ PANELS.memory_usage_percent_graph.gridPos.w }}, + "h": {{ PANELS.memory_usage_percent_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Memory Usage", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "percent", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "interval": "30s", + "description": "", + "timeFrom": null, + "timeShift": null, + "maxDataPoints": null +} diff --git a/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja b/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja new file mode 100644 index 000000000..8a5ee72ce --- /dev/null +++ b/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja @@ -0,0 +1,143 @@ +{ + "id": 102, + "gridPos": { + "x": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.x }}, + "y": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.y }}, + "w": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.w }}, + "h": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Container Memory Usage Current", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_container_name", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "percent", + "decimals": 1 + }, + "overrides": [] + }, + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja new file mode 100644 index 000000000..fb3aa402c --- /dev/null +++ b/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja @@ -0,0 +1,143 @@ +{ + "id": 103, + "gridPos": { + "x": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.x }}, + "y": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.y }}, + "w": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.w }}, + "h": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Container Memory Usage Trend", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "maxDataPoints": 750, + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_container_name", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "mean_usage_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": true, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "percent", + "decimals": 1 + }, + "overrides": [] + }, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja new file mode 100644 index 000000000..993926156 --- /dev/null +++ b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja @@ -0,0 +1,282 @@ +{ + "id": 61387, + "gridPos": { + "x": {{ PANELS.monitor_interface_drops_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_drops_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_drops_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_drops_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Monitor Interface Drops", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "maxDataPoints": 750, + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(mean_drop_in), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(mean_drop_out), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", + "rawQuery": true, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "Drops per second", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "pps", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/veth/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "tooltip": true, + "viz": true, + "legend": true + } + } + ] + } + ] + }, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja new file mode 100644 index 000000000..2c4574f84 --- /dev/null +++ b/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja @@ -0,0 +1,125 @@ +{ + "id": 188190, + "gridPos": { + "x": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Monitor Interface Drops - Inbound", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "Drops per second", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "pps", + "min": 0, + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja new file mode 100644 index 000000000..4c44fdb87 --- /dev/null +++ b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja @@ -0,0 +1,282 @@ +{ + "id": 61878, + "gridPos": { + "x": {{ PANELS.monitor_interface_packets_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_packets_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_packets_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_packets_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Monitor Interface Packets", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "maxDataPoints": 750, + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "last" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", + "rawQuery": true, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "Packets per second", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "pps", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/veth/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "tooltip": true, + "viz": true, + "legend": true + } + } + ] + } + ] + }, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/monitor_interface_traffic_both_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_both_graph.json.jinja new file mode 100644 index 000000000..3c1a6fc74 --- /dev/null +++ b/salt/grafana/panels/monitor_interface_traffic_both_graph.json.jinja @@ -0,0 +1,276 @@ +{ + "id": 10, + "gridPos": { + "x": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Monitor Interface Traffic", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 2, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "links": [], + "unit": "bps", + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/Trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 4, + 10 + ], + "fill": "dash" + } + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/veth/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "tooltip": true, + "viz": true, + "legend": true + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "last" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_interface: RX Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "interface" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$monint$/" + } + ] + }, + { + "alias": "$tag_host: $tag_interface: RX Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "interface" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$monint$/" + } + ] + } + ], + "description": "", + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja new file mode 100644 index 000000000..5365bd3ac --- /dev/null +++ b/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja @@ -0,0 +1,167 @@ +{ + "id": 188188, + "gridPos": { + "x": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Monitor Interface Traffic - Inbound", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 2, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + }, + "lineStyle": { + "fill": "solid" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "links": [], + "unit": "bps", + "decimals": 1, + "min": 0 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" = '$servername' AND \"interface\" = '$monint') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$monint$/" + } + ] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/monitor_interface_traffic_inbound_total_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_inbound_total_graph.json.jinja new file mode 100644 index 000000000..67e92668d --- /dev/null +++ b/salt/grafana/panels/monitor_interface_traffic_inbound_total_graph.json.jinja @@ -0,0 +1,178 @@ +{ + "id": 224244, + "gridPos": { + "x": {{ PANELS.monitor_interface_traffic_inbound_total_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_traffic_inbound_total_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_traffic_inbound_total_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_traffic_inbound_total_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Monitor Traffic - Selected Total", + "transformations": [ + { + "id": "calculateField", + "options": { + "alias": "Total Monitor Traffic", + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "auto", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 1 + } + ] + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "decimals": 1, + "unit": "bps" + }, + "overrides": [] + }, + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "none" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" =~ /^$servername$/ AND \"interface\" = '$monint') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$monint$/" + } + ] + } + ], + "cacheTimeout": null, + "description": "", + "maxDataPoints": null +} diff --git a/salt/grafana/panels/monitor_interface_traffic_stat.json.jinja b/salt/grafana/panels/monitor_interface_traffic_stat.json.jinja new file mode 100644 index 000000000..283d93f7a --- /dev/null +++ b/salt/grafana/panels/monitor_interface_traffic_stat.json.jinja @@ -0,0 +1,152 @@ +{ + "id": 24, + "gridPos": { + "x": {{ PANELS.monitor_interface_traffic_stat.gridPos.x }}, + "y": {{ PANELS.monitor_interface_traffic_stat.gridPos.y }}, + "w": {{ PANELS.monitor_interface_traffic_stat.gridPos.w }}, + "h": {{ PANELS.monitor_interface_traffic_stat.gridPos.h }} + }, + "type": "stat", + "title": "Monitor Traffic - Selected Total", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 1 + } + ] + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "color": { + "mode": "thresholds" + }, + "decimals": 2, + "unit": "bps" + }, + "overrides": [] + }, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "value", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "none" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "bytes_recv" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + }, + { + "type": "math", + "params": [ + "*8" + ] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": "/^$monint$/" + } + ], + "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" =~ /^$servername$/ AND \"interface\" = '$monint') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false + } + ], + "maxDataPoints": null, + "cacheTimeout": null, + "interval": null, + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "alias": "Monitor Traffic", + "replaceFields": true + } + } + ], + "description": "" +} diff --git a/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja b/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja new file mode 100644 index 000000000..9a9d81504 --- /dev/null +++ b/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja @@ -0,0 +1,232 @@ +{ + "id": 61868, + "gridPos": { + "x": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.x }}, + "y": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.y }}, + "w": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.w }}, + "h": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Container Network Usage Current", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_container_name RX", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ], + "hide": false + }, + { + "alias": "$tag_host: $tag_container_name TX", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 5, + "gradientMode": "none", + "spanNulls": true, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "bps", + "decimals": 1 + }, + "overrides": [] + }, + "maxDataPoints": null, + "description": "", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja new file mode 100644 index 000000000..b8dc975d8 --- /dev/null +++ b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja @@ -0,0 +1,231 @@ +{ + "id": 61461, + "gridPos": { + "x": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.x }}, + "y": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.y }}, + "w": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.w }}, + "h": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Container Network Usage Trend", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "5m", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $tag_container_name RX", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ] + }, + { + "alias": "$tag_host: $tag_container_name TX", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 5, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "bps", + "decimals": 1 + }, + "overrides": [] + }, + "maxDataPoints": null, + "description": "", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/nsm_used_guage.json.jinja b/salt/grafana/panels/nsm_used_guage.json.jinja new file mode 100644 index 000000000..3175d3bfd --- /dev/null +++ b/salt/grafana/panels/nsm_used_guage.json.jinja @@ -0,0 +1,121 @@ +{ + "id": 12, + "gridPos": { + "x": {{ PANELS.nsm_used_guage.gridPos.x }}, + "y": {{ PANELS.nsm_used_guage.gridPos.y }}, + "w": {{ PANELS.nsm_used_guage.gridPos.w }}, + "h": {{ PANELS.nsm_used_guage.gridPos.h }} + }, + "type": "gauge", + "title": "NSM used", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 85 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 95 + } + ] + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "max": 100, + "min": 0, + "unit": "percent" + }, + "overrides": [] + }, + "interval": "30", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "disk", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ] + } + ], + "maxDataPoints": null, + "cacheTimeout": null +} diff --git a/salt/grafana/panels/pcap_retention_stat.json.jinja b/salt/grafana/panels/pcap_retention_stat.json.jinja new file mode 100644 index 000000000..138b18e6b --- /dev/null +++ b/salt/grafana/panels/pcap_retention_stat.json.jinja @@ -0,0 +1,113 @@ +{ + "id": 26, + "gridPos": { + "x": {{ PANELS.pcap_retention_stat.gridPos.x }}, + "y": {{ PANELS.pcap_retention_stat.gridPos.y }}, + "w": {{ PANELS.pcap_retention_stat.gridPos.w }}, + "h": {{ PANELS.pcap_retention_stat.gridPos.h }} + }, + "type": "stat", + "title": "PCAP Retention", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "color": { + "mode": "thresholds" + }, + "decimals": 2, + "unit": "d" + }, + "overrides": [] + }, + "interval": "30", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "value", + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto" + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "/86400" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "maxDataPoints": null, + "cacheTimeout": null +} diff --git a/salt/grafana/panels/process_status_graph.json.jinja b/salt/grafana/panels/process_status_graph.json.jinja new file mode 100644 index 000000000..302175c36 --- /dev/null +++ b/salt/grafana/panels/process_status_graph.json.jinja @@ -0,0 +1,203 @@ +{ + "id": 61852, + "gridPos": { + "x": {{ PANELS.process_status_graph.gridPos.x }}, + "y": {{ PANELS.process_status_graph.gridPos.y }}, + "w": {{ PANELS.process_status_graph.gridPos.w }}, + "h": {{ PANELS.process_status_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Process Status", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "links": [], + "unit": "short", + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(running) as running, mean(blocked) as blocked, mean(sleeping) as sleeping, mean(stopped) as stopped, mean(zombies) as zombies, mean(paging) as paging, mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(mean_running) as trend_running, mean(mean_blocked) as trend_blocked, mean(mean_sleeping) as trend_sleeping, mean(mean_stopped) as trend_stopped, mean(mean_zombies) as trend_zombies, mean(mean_paging) as trend_paging, mean(mean_unknown) as trend_unknown FROM \"so_long_term\".\"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host fill(linear) ORDER BY asc", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/ram_usage_guage.json.jinja b/salt/grafana/panels/ram_usage_guage.json.jinja new file mode 100644 index 000000000..813b9cba8 --- /dev/null +++ b/salt/grafana/panels/ram_usage_guage.json.jinja @@ -0,0 +1,114 @@ +{ + "id": 61860, + "gridPos": { + "x": {{ PANELS.ram_usage_guage.gridPos.x }}, + "y": {{ PANELS.ram_usage_guage.gridPos.y }}, + "w": {{ PANELS.ram_usage_guage.gridPos.w }}, + "h": {{ PANELS.ram_usage_guage.gridPos.h }} + }, + "type": "gauge", + "title": "RAM usage", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 70 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 + } + ] + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "color": { + "mode": "thresholds" + }, + "max": 100, + "min": 0, + "unit": "percent" + }, + "overrides": [] + }, + "interval": "30", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ], + "orderByTime": "ASC" + } + ], + "maxDataPoints": null, + "cacheTimeout": null +} diff --git a/salt/grafana/panels/redis_queue_graph.json.jinja b/salt/grafana/panels/redis_queue_graph.json.jinja new file mode 100644 index 000000000..b33290008 --- /dev/null +++ b/salt/grafana/panels/redis_queue_graph.json.jinja @@ -0,0 +1,208 @@ +{ + "id": 55, + "gridPos": { + "x": {{ PANELS.redis_queue_graph.gridPos.x }}, + "y": {{ PANELS.redis_queue_graph.gridPos.y }}, + "w": {{ PANELS.redis_queue_graph.gridPos.w }}, + "h": {{ PANELS.redis_queue_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Redis Queue", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "links": [], + "unit": "short", + "decimals": 2 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/Trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean" + ] + } + }, + "targets": [ + { + "alias": "Queue Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "unparsed" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "role", + "operator": "=~", + "value": "/^manager/" + }, + { + "condition": "OR", + "key": "role", + "operator": "=", + "value": "standalone" + } + ] + }, + { + "alias": "Queue Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_unparsed" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "role", + "operator": "=~", + "value": "/^manager/" + }, + { + "condition": "OR", + "key": "role", + "operator": "=", + "value": "standalone" + } + ] + } + ], + "maxDataPoints": null, + "description": "", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/redis_queue_stat.json.jinja b/salt/grafana/panels/redis_queue_stat.json.jinja new file mode 100644 index 000000000..b0b3d8946 --- /dev/null +++ b/salt/grafana/panels/redis_queue_stat.json.jinja @@ -0,0 +1,95 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "color": { + "mode": "thresholds" + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.redis_queue_stat.gridPos.x }}, + "y": {{ PANELS.redis_queue_stat.gridPos.y }}, + "w": {{ PANELS.redis_queue_stat.gridPos.w }}, + "h": {{ PANELS.redis_queue_stat.gridPos.h }} + }, + "id": 68894, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "auto", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "pluginVersion": "7.5.4", + "targets": [ + { + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "unparsed" + ] + }, + { + "type": "last", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "title": "Redis Unparsed Queue", + "type": "stat", + "timeFrom": null, + "timeShift": null, + "interval": "30s" +} diff --git a/salt/grafana/panels/rootfs_used_guage.json.jinja b/salt/grafana/panels/rootfs_used_guage.json.jinja new file mode 100644 index 000000000..b628d247c --- /dev/null +++ b/salt/grafana/panels/rootfs_used_guage.json.jinja @@ -0,0 +1,121 @@ +{ + "id": 61866, + "gridPos": { + "x": {{ PANELS.rootfs_used_guage.gridPos.x }}, + "y": {{ PANELS.rootfs_used_guage.gridPos.y }}, + "w": {{ PANELS.rootfs_used_guage.gridPos.w }}, + "h": {{ PANELS.rootfs_used_guage.gridPos.h }} + }, + "type": "gauge", + "title": "RootFS used", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 70 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 + } + ] + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "max": 100, + "min": 0, + "unit": "percent" + }, + "overrides": [] + }, + "interval": "30", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "disk", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] + } + ], + "maxDataPoints": null, + "cacheTimeout": null +} diff --git a/salt/grafana/panels/row_cpu.json.jinja b/salt/grafana/panels/row_cpu.json.jinja new file mode 100644 index 000000000..6384048d6 --- /dev/null +++ b/salt/grafana/panels/row_cpu.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_cpu.gridPos.x }}, + "y": {{ PANELS.row_cpu.gridPos.y }}, + "w": {{ PANELS.row_cpu.gridPos.w }}, + "h": {{ PANELS.row_cpu.gridPos.h }} + }, + "id": 2, + "panels": [], + "repeat": null, + "title": "CPU", + "type": "row" + } diff --git a/salt/grafana/panels/row_disk_iops.json.jinja b/salt/grafana/panels/row_disk_iops.json.jinja new file mode 100644 index 000000000..f54494825 --- /dev/null +++ b/salt/grafana/panels/row_disk_iops.json.jinja @@ -0,0 +1,22 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_disk_iops.gridPos.x }}, + "y": {{ PANELS.row_disk_iops.gridPos.y }}, + "w": {{ PANELS.row_disk_iops.gridPos.w }}, + "h": {{ PANELS.row_disk_iops.gridPos.h }} + }, + "id": 62055, + "panels": [], + "repeat": "disk", + "scopedVars": { + "disk": { + "selected": false, + "text": "sda", + "value": "sda" + } + }, + "title": "Disk IOPS for /dev/$disk", + "type": "row" +} diff --git a/salt/grafana/panels/row_disk_usage.json.jinja b/salt/grafana/panels/row_disk_usage.json.jinja new file mode 100644 index 000000000..2cfac7cb4 --- /dev/null +++ b/salt/grafana/panels/row_disk_usage.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_disk_usage.gridPos.x }}, + "y": {{ PANELS.row_disk_usage.gridPos.y }}, + "w": {{ PANELS.row_disk_usage.gridPos.w }}, + "h": {{ PANELS.row_disk_usage.gridPos.h }} + }, + "id": 3333, + "panels": [], + "repeat": null, + "title": "Disk Usage", + "type": "row" + } diff --git a/salt/grafana/panels/row_docker_details.json.jinja b/salt/grafana/panels/row_docker_details.json.jinja new file mode 100644 index 000000000..bb06a57ed --- /dev/null +++ b/salt/grafana/panels/row_docker_details.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_docker_details.gridPos.x }}, + "y": {{ PANELS.row_docker_details.gridPos.y }}, + "w": {{ PANELS.row_docker_details.gridPos.w }}, + "h": {{ PANELS.row_docker_details.gridPos.h }} + }, + "id": 4, + "panels": [], + "repeat": null, + "title": "Docker Details", + "type": "row" + } diff --git a/salt/grafana/panels/row_elasticsearch.json.jinja b/salt/grafana/panels/row_elasticsearch.json.jinja new file mode 100644 index 000000000..04340c3e2 --- /dev/null +++ b/salt/grafana/panels/row_elasticsearch.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_elasticsearch.gridPos.x }}, + "y": {{ PANELS.row_elasticsearch.gridPos.y }}, + "w": {{ PANELS.row_elasticsearch.gridPos.w }}, + "h": {{ PANELS.row_elasticsearch.gridPos.h }} + }, + "id": 2442, + "panels": [], + "repeat": null, + "title": "Elasticsearch", + "type": "row" + } diff --git a/salt/grafana/panels/row_influxdb.json.jinja b/salt/grafana/panels/row_influxdb.json.jinja new file mode 100644 index 000000000..7f3251cc9 --- /dev/null +++ b/salt/grafana/panels/row_influxdb.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_influxdb.gridPos.x }}, + "y": {{ PANELS.row_influxdb.gridPos.y }}, + "w": {{ PANELS.row_influxdb.gridPos.w }}, + "h": {{ PANELS.row_influxdb.gridPos.h }} + }, + "id": 43434, + "panels": [], + "repeat": null, + "title": "InfluxDB", + "type": "row" + } diff --git a/salt/grafana/panels/row_logstash.json.jinja b/salt/grafana/panels/row_logstash.json.jinja new file mode 100644 index 000000000..e934dbd0e --- /dev/null +++ b/salt/grafana/panels/row_logstash.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_logstash.gridPos.x }}, + "y": {{ PANELS.row_logstash.gridPos.y }}, + "w": {{ PANELS.row_logstash.gridPos.w }}, + "h": {{ PANELS.row_logstash.gridPos.h }} + }, + "id": 24242, + "panels": [], + "repeat": null, + "title": "Logstash", + "type": "row" + } diff --git a/salt/grafana/panels/row_memory.json.jinja b/salt/grafana/panels/row_memory.json.jinja new file mode 100644 index 000000000..33d203138 --- /dev/null +++ b/salt/grafana/panels/row_memory.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_memory.gridPos.x }}, + "y": {{ PANELS.row_memory.gridPos.y }}, + "w": {{ PANELS.row_memory.gridPos.w }}, + "h": {{ PANELS.row_memory.gridPos.h }} + }, + "id": 3, + "panels": [], + "repeat": null, + "title": "Memory", + "type": "row" + } diff --git a/salt/grafana/panels/row_network.json.jinja b/salt/grafana/panels/row_network.json.jinja new file mode 100644 index 000000000..6f611f580 --- /dev/null +++ b/salt/grafana/panels/row_network.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_network.gridPos.x }}, + "y": {{ PANELS.row_network.gridPos.y }}, + "w": {{ PANELS.row_network.gridPos.w }}, + "h": {{ PANELS.row_network.gridPos.h }} + }, + "id": 333, + "panels": [], + "repeat": null, + "title": "Network", + "type": "row" + } diff --git a/salt/grafana/panels/row_overview.json.jinja b/salt/grafana/panels/row_overview.json.jinja new file mode 100644 index 000000000..d05a9394d --- /dev/null +++ b/salt/grafana/panels/row_overview.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_overview.gridPos.x }}, + "y": {{ PANELS.row_overview.gridPos.y }}, + "w": {{ PANELS.row_overview.gridPos.w }}, + "h": {{ PANELS.row_overview.gridPos.h }} + }, + "id": 1, + "panels": [], + "repeat": null, + "title": "Overview", + "type": "row" + } diff --git a/salt/grafana/panels/row_packet_loss.json.jinja b/salt/grafana/panels/row_packet_loss.json.jinja new file mode 100644 index 000000000..b9d2c8a96 --- /dev/null +++ b/salt/grafana/panels/row_packet_loss.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_packet_loss.gridPos.x }}, + "y": {{ PANELS.row_packet_loss.gridPos.y }}, + "w": {{ PANELS.row_packet_loss.gridPos.w }}, + "h": {{ PANELS.row_packet_loss.gridPos.h }} + }, + "id": 816341, + "panels": [], + "repeat": null, + "title": "Packet Loss", + "type": "row" + } diff --git a/salt/grafana/panels/row_redis.json.jinja b/salt/grafana/panels/row_redis.json.jinja new file mode 100644 index 000000000..f0be53693 --- /dev/null +++ b/salt/grafana/panels/row_redis.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_redis.gridPos.x }}, + "y": {{ PANELS.row_redis.gridPos.y }}, + "w": {{ PANELS.row_redis.gridPos.w }}, + "h": {{ PANELS.row_redis.gridPos.h }} + }, + "id": 24812, + "panels": [], + "repeat": null, + "title": "Redis", + "type": "row" + } diff --git a/salt/grafana/panels/row_stenographer.json.jinja b/salt/grafana/panels/row_stenographer.json.jinja new file mode 100644 index 000000000..004757748 --- /dev/null +++ b/salt/grafana/panels/row_stenographer.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_stenographer.gridPos.x }}, + "y": {{ PANELS.row_stenographer.gridPos.y }}, + "w": {{ PANELS.row_stenographer.gridPos.w }}, + "h": {{ PANELS.row_stenographer.gridPos.h }} + }, + "id": 8812, + "panels": [], + "repeat": null, + "title": "Stenographer", + "type": "row" + } diff --git a/salt/grafana/panels/row_suricata.json.jinja b/salt/grafana/panels/row_suricata.json.jinja new file mode 100644 index 000000000..d4dead5c5 --- /dev/null +++ b/salt/grafana/panels/row_suricata.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_suricata.gridPos.x }}, + "y": {{ PANELS.row_suricata.gridPos.y }}, + "w": {{ PANELS.row_suricata.gridPos.w }}, + "h": {{ PANELS.row_suricata.gridPos.h }} + }, + "id": 8481, + "panels": [], + "repeat": null, + "title": "Suricata", + "type": "row" + } diff --git a/salt/grafana/panels/row_swap.json.jinja b/salt/grafana/panels/row_swap.json.jinja new file mode 100644 index 000000000..c465dcc6e --- /dev/null +++ b/salt/grafana/panels/row_swap.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_swap.gridPos.x }}, + "y": {{ PANELS.row_swap.gridPos.y }}, + "w": {{ PANELS.row_swap.gridPos.w }}, + "h": {{ PANELS.row_swap.gridPos.h }} + }, + "id": 444, + "panels": [], + "repeat": null, + "title": "Swap", + "type": "row" + } diff --git a/salt/grafana/panels/row_zeek.json.jinja b/salt/grafana/panels/row_zeek.json.jinja new file mode 100644 index 000000000..1b236a543 --- /dev/null +++ b/salt/grafana/panels/row_zeek.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_zeek.gridPos.x }}, + "y": {{ PANELS.row_zeek.gridPos.y }}, + "w": {{ PANELS.row_zeek.gridPos.w }}, + "h": {{ PANELS.row_zeek.gridPos.h }} + }, + "id": 21281, + "panels": [], + "repeat": null, + "title": "Zeek", + "type": "row" + } diff --git a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja new file mode 100644 index 000000000..0fb56dbe7 --- /dev/null +++ b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja @@ -0,0 +1,229 @@ +{ + "id": 19, + "gridPos": { + "x": {{ PANELS.stenographer_packet_loss_graph.gridPos.x }}, + "y": {{ PANELS.stenographer_packet_loss_graph.gridPos.y }}, + "w": {{ PANELS.stenographer_packet_loss_graph.gridPos.w }}, + "h": {{ PANELS.stenographer_packet_loss_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Stenographer Packet Loss", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "links": [], + "unit": "percent", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/Trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "Current $tag_host $tag_role", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "none" + ], + "type": "fill" + } + ], + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + }, + { + "alias": "Trend $tag_host $tag_role", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "none" + ], + "type": "fill" + } + ], + "hide": {{ PANELS.stenographer_packet_loss_graph.get('hideTrend', false)|json }}, + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "maxDataPoints": null, + "cacheTimeout": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja b/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja new file mode 100644 index 000000000..863772fcd --- /dev/null +++ b/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja @@ -0,0 +1,114 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-green", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "dark-red", + "value": 5 + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "$$hashKey": "object:1120", + "id": 0, + "type": 1 + } + ], + "unit": "percent", + "decimals": 2, + "color": { + "mode": "thresholds" + } + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.stenographer_packet_loss_stat.gridPos.x }}, + "y": {{ PANELS.stenographer_packet_loss_stat.gridPos.y }}, + "w": {{ PANELS.stenographer_packet_loss_stat.gridPos.w }}, + "h": {{ PANELS.stenographer_packet_loss_stat.gridPos.h }} + }, + "id": 22, + "links": [], + "maxDataPoints": 100, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "title": "Stenographer Packet Loss", + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "cacheTimeout": null, + "interval": null, + "pluginVersion": "7.5.4" +} diff --git a/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja b/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja new file mode 100644 index 000000000..83c51a73d --- /dev/null +++ b/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja @@ -0,0 +1,207 @@ +{ + "id": 2239, + "gridPos": { + "x": {{ PANELS.stenographer_pcap_retention_graph.gridPos.x }}, + "y": {{ PANELS.stenographer_pcap_retention_graph.gridPos.y }}, + "w": {{ PANELS.stenographer_pcap_retention_graph.gridPos.w }}, + "h": {{ PANELS.stenographer_pcap_retention_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Stenographer PCAP Retention", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "maxDataPoints": 750, + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": true, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "s", + "decimals": 2 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/Trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "hidden", + "placement": "bottom", + "calcs": [] + } + }, + "targets": [ + { + "alias": "$tag_host: Oldest Pcap Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + }, + { + "alias": "$tag_host: Oldest Pcap Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "cacheTimeout": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja new file mode 100644 index 000000000..eb26f9d8b --- /dev/null +++ b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja @@ -0,0 +1,241 @@ +{ + "id": 21, + "gridPos": { + "x": {{ PANELS.suricata_packet_loss_graph.gridPos.x }}, + "y": {{ PANELS.suricata_packet_loss_graph.gridPos.y }}, + "w": {{ PANELS.suricata_packet_loss_graph.gridPos.w }}, + "h": {{ PANELS.suricata_packet_loss_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Suricata Packet Loss", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "links": [], + "unit": "percent", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/Trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "Current $tag_host $tag_role", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "none" + ], + "type": "fill" + } + ], + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + }, + { + "alias": "Trend $tag_host $tag_role", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "none" + ], + "type": "fill" + } + ], + "hide": {{ PANELS.suricata_packet_loss_graph.get('hideTrend', false)|json }}, + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "maxDataPoints": null, + "cacheTimeout": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/suricata_packet_loss_stat.json.jinja b/salt/grafana/panels/suricata_packet_loss_stat.json.jinja new file mode 100644 index 000000000..87a3f48e5 --- /dev/null +++ b/salt/grafana/panels/suricata_packet_loss_stat.json.jinja @@ -0,0 +1,120 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-green", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "dark-red", + "value": 5 + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "$$hashKey": "object:949", + "id": 0, + "type": 1 + } + ], + "unit": "percent", + "decimals": 2, + "color": { + "mode": "thresholds" + } + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.suricata_packet_loss_stat.gridPos.x }}, + "y": {{ PANELS.suricata_packet_loss_stat.gridPos.y }}, + "w": {{ PANELS.suricata_packet_loss_stat.gridPos.w }}, + "h": {{ PANELS.suricata_packet_loss_stat.gridPos.h }} + }, + "id": 20, + "links": [], + "maxDataPoints": 100, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "title": "Suricata Packet Loss", + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "pluginVersion": "7.5.4", + "cacheTimeout": null, + "interval": null +} diff --git a/salt/grafana/panels/swap_io_bytes_graph.json.jinja b/salt/grafana/panels/swap_io_bytes_graph.json.jinja new file mode 100644 index 000000000..fe7989870 --- /dev/null +++ b/salt/grafana/panels/swap_io_bytes_graph.json.jinja @@ -0,0 +1,187 @@ +{ + "id": 68890, + "gridPos": { + "x": {{ PANELS.swap_io_bytes_graph.gridPos.x }}, + "y": {{ PANELS.swap_io_bytes_graph.gridPos.y }}, + "w": {{ PANELS.swap_io_bytes_graph.gridPos.w }}, + "h": {{ PANELS.swap_io_bytes_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Swap I/O Bytes", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "bottom", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"in\")) as \"in\", non_negative_derivative(mean(\"out\")) as \"out\" FROM \"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"mean_in\")) as \"trend_in\", non_negative_derivative(mean(\"mean_out\")) as \"trend_out\" FROM \"so_long_term\".\"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host fill(linear) ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "unit": "bytes", + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/swap_usage_bytes_graph.json.jinja b/salt/grafana/panels/swap_usage_bytes_graph.json.jinja new file mode 100644 index 000000000..4986b72a5 --- /dev/null +++ b/salt/grafana/panels/swap_usage_bytes_graph.json.jinja @@ -0,0 +1,184 @@ +{ + "type": "graph", + "title": "Swap Usage", + "gridPos": { + "x": {{ PANELS.swap_usage_bytes_graph.gridPos.x }}, + "y": {{ PANELS.swap_usage_bytes_graph.gridPos.y }}, + "w": {{ PANELS.swap_usage_bytes_graph.gridPos.w }}, + "h": {{ PANELS.swap_usage_bytes_graph.gridPos.h }} + }, + "id": 68892, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT mean(used) as \"used\", mean(total) as \"total\" FROM \"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", + "rawQuery": true, + "alias": "$tag_host: $col" + }, + { + "refId": "B", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT mean(mean_used) as \"trend_used\", mean(mean_total) as \"trend_total\" FROM \"so_long_term\".\"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", + "rawQuery": true, + "alias": "$tag_host: $col", + "hide": false + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": "0", + "max": null, + "format": "bytes", + "$$hashKey": "object:515" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:516" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": true, + "current": true, + "total": false, + "avg": true, + "alignAsTable": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:575", + "alias": "/total/", + "fill": 0, + "color": "#C4162A" + }, + { + "$$hashKey": "object:596", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "thresholds": [], + "timeRegions": [], + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "maxDataPoints": 750, + "interval": "30s" +} diff --git a/salt/grafana/panels/swap_usage_guage.json.jinja b/salt/grafana/panels/swap_usage_guage.json.jinja new file mode 100644 index 000000000..f7e3d4f34 --- /dev/null +++ b/salt/grafana/panels/swap_usage_guage.json.jinja @@ -0,0 +1,115 @@ +{ + "id": 61863, + "gridPos": { + "x": {{ PANELS.swap_usage_guage.gridPos.x }}, + "y": {{ PANELS.swap_usage_guage.gridPos.y }}, + "w": {{ PANELS.swap_usage_guage.gridPos.w }}, + "h": {{ PANELS.swap_usage_guage.gridPos.h }} + }, + "type": "gauge", + "title": "Swap usage", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "links": [], + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 50 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 70 + } + ] + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "max": 100, + "min": 0, + "unit": "percent" + }, + "overrides": [] + }, + "interval": "30", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "swap", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ], + "orderByTime": "ASC" + } + ], + "maxDataPoints": null, + "cacheTimeout": null +} diff --git a/salt/grafana/panels/swap_usage_percent_graph.json.jinja b/salt/grafana/panels/swap_usage_percent_graph.json.jinja new file mode 100644 index 000000000..875107fd7 --- /dev/null +++ b/salt/grafana/panels/swap_usage_percent_graph.json.jinja @@ -0,0 +1,141 @@ +{ + "id": 69873, + "gridPos": { + "x": {{ PANELS.swap_usage_percent_graph.gridPos.x }}, + "y": {{ PANELS.swap_usage_percent_graph.gridPos.y }}, + "w": {{ PANELS.swap_usage_percent_graph.gridPos.w }}, + "h": {{ PANELS.swap_usage_percent_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Swap Usage", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "unit": "percent", + "decimals": 1 + }, + "overrides": [] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "swap", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "interval": "30s", + "maxDataPoints": null +} diff --git a/salt/grafana/panels/system_uptime.json.jinja b/salt/grafana/panels/system_uptime.json.jinja new file mode 100644 index 000000000..fc2cb69ac --- /dev/null +++ b/salt/grafana/panels/system_uptime.json.jinja @@ -0,0 +1,91 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 255, 255)", + "value": null + } + ] + }, + "mappings": [], + "decimals": 2, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.system_uptime.gridPos.x }}, + "y": {{ PANELS.system_uptime.gridPos.y }}, + "w": {{ PANELS.system_uptime.gridPos.w }}, + "h": {{ PANELS.system_uptime.gridPos.h }} + }, + "id": 39, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "auto", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto" + }, + "pluginVersion": "7.5.4", + "targets": [ + { + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "uptime" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "title": "System Uptime", + "type": "stat" +} diff --git a/salt/grafana/panels/system_uptime_graph.json.jinja b/salt/grafana/panels/system_uptime_graph.json.jinja new file mode 100644 index 000000000..bf26b520f --- /dev/null +++ b/salt/grafana/panels/system_uptime_graph.json.jinja @@ -0,0 +1,148 @@ +{ + "type": "graph", + "title": "System Uptime", + "gridPos": { + "x": {{ PANELS.system_uptime_graph.gridPos.x }}, + "y": {{ PANELS.system_uptime_graph.gridPos.y }}, + "w": {{ PANELS.system_uptime_graph.gridPos.w }}, + "h": {{ PANELS.system_uptime_graph.gridPos.h }} + }, + "id": 69016, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "uptime" + ] + }, + { + "type": "last", + "params": [] + } + ] + ], + "measurement": "system", + "alias": "$tag_host $tag_role" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": "", + "show": true, + "logBase": 1, + "min": "0", + "max": "604800", + "format": "s", + "$$hashKey": "object:213", + "decimals": 1 + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:214" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": false, + "current": true, + "total": false, + "avg": false, + "alignAsTable": true, + "rightSide": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 1 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "fill": 0, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "decimals": 1, + "description": "" +} diff --git a/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja new file mode 100644 index 000000000..ad4ff2805 --- /dev/null +++ b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja @@ -0,0 +1,168 @@ +{ + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "decimals": 1, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.uptime_docker_combined_current_graph.gridPos.x }}, + "y": {{ PANELS.uptime_docker_combined_current_graph.gridPos.y }}, + "w": {{ PANELS.uptime_docker_combined_current_graph.gridPos.w }}, + "h": {{ PANELS.uptime_docker_combined_current_graph.gridPos.h }} + }, + "id": 68896, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": false, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_host $tag_role $tag_container_name", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_status", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT last(\"uptime_ns\") FROM \"docker_container_status\" WHERE (\"host\" =~ /^$servername$/ AND \"container_name\" =~ /^$containers$/) AND $timeFilter GROUP BY time($__interval), \"container_name\", \"host\", \"role\" fill(null)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "uptime_ns" + ] + }, + { + "type": "last", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ], + "slimit": "", + "limit": "" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Container Uptime Current", + "tooltip": { + "shared": true, + "sort": 1, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:192", + "format": "ns", + "label": null, + "logBase": 1, + "max": "604800000000000", + "min": "0", + "show": true, + "decimals": 1 + }, + { + "$$hashKey": "object:193", + "decimals": 2, + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "bars": false, + "dashes": false, + "fill": 0, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja new file mode 100644 index 000000000..a4be68137 --- /dev/null +++ b/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja @@ -0,0 +1,165 @@ +{ + "id": 68999, + "gridPos": { + "x": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.x }}, + "y": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.y }}, + "w": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.w }}, + "h": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.h }} + }, + "type": "graph", + "title": "Container Uptime Trend", + "datasource": "InfluxDB", + "thresholds": [ + { + "$$hashKey": "object:1299", + "colorMode": "critical", + "fill": false, + "line": true, + "op": "lt", + "value": 4500000000000, + "yaxis": "left" + } + ], + "pluginVersion": "8.2.1", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": false, + "total": false, + "values": true + }, + "aliasColors": {}, + "dashLength": 10, + "decimals": 1, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_host: $tag_container_name", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_status", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "mean_uptime_ns" + ] + }, + { + "type": "last", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ] + } + ], + "timeRegions": [], + "tooltip": { + "shared": true, + "sort": 1, + "value_type": "individual" + }, + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:192", + "format": "ns", + "label": null, + "logBase": 1, + "max": "604800000000000", + "min": null, + "show": true, + "decimals": 1 + }, + { + "$$hashKey": "object:193", + "decimals": 2, + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "interval": "30s", + "bars": false, + "dashes": false, + "fill": 0, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/zeek_capture_loss_graph.json.jinja b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja new file mode 100644 index 000000000..53adcd7fa --- /dev/null +++ b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja @@ -0,0 +1,203 @@ +{ + "id": 71, + "gridPos": { + "x": {{ PANELS.zeek_capture_loss_graph.gridPos.x }}, + "y": {{ PANELS.zeek_capture_loss_graph.gridPos.y }}, + "w": {{ PANELS.zeek_capture_loss_graph.gridPos.w }}, + "h": {{ PANELS.zeek_capture_loss_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Capture Loss", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 10, + "gradientMode": "none", + "spanNulls": true, + "showPoints": "auto", + "pointSize": 6, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "links": [], + "unit": "percent", + "decimals": 1, + "min": 0 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/Trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "$tag_host: Loss Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "zeekcaptureloss", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "loss" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + }, + { + "alias": "$tag_host: Loss Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "zeekcaptureloss", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_loss" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "maxDataPoints": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja new file mode 100644 index 000000000..7d2c8ae2b --- /dev/null +++ b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja @@ -0,0 +1,244 @@ +{ + "id": 2022, + "gridPos": { + "x": {{ PANELS.zeek_packet_loss_graph.gridPos.x }}, + "y": {{ PANELS.zeek_packet_loss_graph.gridPos.y }}, + "w": {{ PANELS.zeek_packet_loss_graph.gridPos.w }}, + "h": {{ PANELS.zeek_packet_loss_graph.gridPos.h }} + }, + "type": "timeseries", + "title": "Zeek Packet Loss", + "datasource": "InfluxDB", + "pluginVersion": "8.2.1", + "interval": "30s", + "links": [], + "fieldConfig": { + "defaults": { + "custom": { + "drawStyle": "line", + "lineInterpolation": "linear", + "barAlignment": 0, + "lineWidth": 1, + "fillOpacity": 0, + "gradientMode": "none", + "spanNulls": false, + "showPoints": "never", + "pointSize": 5, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "hideFrom": { + "tooltip": false, + "viz": false, + "legend": false + }, + "thresholdsStyle": { + "mode": "off" + }, + "lineStyle": { + "fill": "solid" + } + }, + "color": { + "mode": "palette-classic" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "value": null, + "color": "green" + }, + { + "value": 80, + "color": "red" + } + ] + }, + "mappings": [], + "links": [], + "unit": "percent", + "min": 0, + "decimals": 1 + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/Trend/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 4 + }, + { + "id": "custom.lineStyle", + "value": { + "fill": "dash", + "dash": [ + 4, + 10 + ] + } + } + ] + } + ] + }, + "options": { + "tooltip": { + "mode": "single" + }, + "legend": { + "displayMode": "table", + "placement": "right", + "calcs": [ + "max", + "mean", + "lastNotNull" + ] + } + }, + "targets": [ + { + "alias": "Current $tag_host $tag_role", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "none" + ], + "type": "fill" + } + ], + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + }, + { + "alias": "Trend $tag_host $tag_role", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, + { + "params": [ + "none" + ], + "type": "fill" + } + ], + "hide": {{ PANELS.zeek_packet_loss_graph.get('hideTrend', false)|json }}, + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "maxDataPoints": null, + "cacheTimeout": null, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/zeek_packet_loss_stat.json.jinja b/salt/grafana/panels/zeek_packet_loss_stat.json.jinja new file mode 100644 index 000000000..9d43f5a76 --- /dev/null +++ b/salt/grafana/panels/zeek_packet_loss_stat.json.jinja @@ -0,0 +1,120 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-green", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "dark-red", + "value": 5 + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "$$hashKey": "object:818", + "id": 0, + "type": 1 + } + ], + "unit": "percent", + "decimals": 2, + "color": { + "mode": "thresholds" + } + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.zeek_packet_loss_stat.gridPos.x }}, + "y": {{ PANELS.zeek_packet_loss_stat.gridPos.y }}, + "w": {{ PANELS.zeek_packet_loss_stat.gridPos.w }}, + "h": {{ PANELS.zeek_packet_loss_stat.gridPos.h }} + }, + "id": 2123, + "links": [], + "maxDataPoints": 100, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "title": "Zeek Packet Loss", + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "value", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "pluginVersion": "7.5.4", + "cacheTimeout": null, + "interval": null +} diff --git a/salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja b/salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja new file mode 100644 index 000000000..85dda1154 --- /dev/null +++ b/salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja @@ -0,0 +1,93 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.x }}, + "y": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.y }}, + "w": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.w }}, + "h": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.h }} + }, + "id": 37, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "sum" + ], + "fields": "" + }, + "orientation": "auto", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "pluginVersion": "7.5.4", + "targets": [ + { + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "healthcheck", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "zeek_restart" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Zeek Restarts via Healthcheck", + "type": "stat" +} diff --git a/salt/grafana/templates/cluster_name.json b/salt/grafana/templates/cluster_name.json new file mode 100644 index 000000000..bf6dbfb3f --- /dev/null +++ b/salt/grafana/templates/cluster_name.json @@ -0,0 +1,25 @@ +{ + "allValue": null, + "current": { + "selected": true, + "tags": [], + "text": [{{ TEMPLATES.cluster_name.get('text', DASHBOARD)| json }}], + "value": [{{ TEMPLATES.cluster_name.get('value', DASHBOARD)| json }}] + }, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"cluster_name\"", + "description": null, + "error": null, + "hide": {{ TEMPLATES.cluster_name.get('hide', 0)| json }}, + "includeAll": {{ TEMPLATES.cluster_name.get('includeAll', true)| json }}, + "label": "Cluster Name", + "multi": {{ TEMPLATES.cluster_name.get('multi', true)| json }}, + "name": "cluster_name", + "options": [], + "query": "show tag values with key=\"cluster_name\"", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" +} diff --git a/salt/grafana/templates/containers.json b/salt/grafana/templates/containers.json new file mode 100644 index 000000000..955c5c8e3 --- /dev/null +++ b/salt/grafana/templates/containers.json @@ -0,0 +1,29 @@ +{ + "allValue": null, + "current": { + "selected": true, + "tags": [], + "text": [], + "value": [] + }, + "datasource": "InfluxDB", + "definition": "SHOW TAG VALUES ON telegraf WITH KEY = container_name WHERE (_name = 'docker_container_cpu') AND ((host =~ /^$servername$/) AND (_tagKey = 'container_name'))", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Docker Containers", + "multi": true, + "name": "containers", + "options": [], + "query": "SHOW TAG VALUES ON telegraf WITH KEY = container_name WHERE (_name = 'docker_container_cpu') AND ((host =~ /^$servername$/) AND (_tagKey = 'container_name'))", + "refresh": 1, + "regex": "/so-*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } diff --git a/salt/grafana/templates/cpucount.json b/salt/grafana/templates/cpucount.json new file mode 100644 index 000000000..c41889565 --- /dev/null +++ b/salt/grafana/templates/cpucount.json @@ -0,0 +1,24 @@ +{ + "allValue": null, + "current": {}, + "datasource": "InfluxDB", + "definition": "SELECT last(\"n_cpus\") FROM \"system\" WHERE \"host\" =~ /^$servername$/", + "description": null, + "error": null, + "hide": 2, + "includeAll": false, + "label": "CPU Count", + "multi": false, + "name": "cpucount", + "options": [], + "query": "SELECT last(\"n_cpus\") FROM \"system\" WHERE \"host\" =~ /^$servername$/", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } diff --git a/salt/grafana/templates/disk.json b/salt/grafana/templates/disk.json new file mode 100644 index 000000000..ac1b190af --- /dev/null +++ b/salt/grafana/templates/disk.json @@ -0,0 +1,39 @@ +{ + "allValue": null, + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": "InfluxDB", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Disk", + "multi": true, + "name": "disk", + "options": [], + "query": "SHOW TAG VALUES ON telegraf FROM \"diskio\" WITH KEY = \"name\" WHERE host =~ /$servername/", + "refresh": 1, + "regex": "[a-z]d[\\D]$|nvme[\\d]n[\\d]$", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": null, + "tags": [], + "tagsQuery": null, + "type": "query", + "useTags": false +} + + + + + + + + + + + diff --git a/salt/grafana/templates/manint.json b/salt/grafana/templates/manint.json new file mode 100644 index 000000000..22015d274 --- /dev/null +++ b/salt/grafana/templates/manint.json @@ -0,0 +1,29 @@ +{ + "allValue": null, + "current": { + "selected": true, + "tags": [], + "text": [], + "value": [] + }, + "datasource": "InfluxDB", + "definition": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", + "description": null, + "error": null, + "hide": 2, + "includeAll": true, + "label": "Management Interface", + "multi": true, + "name": "manint", + "options": [], + "query": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } diff --git a/salt/grafana/templates/monint.json b/salt/grafana/templates/monint.json new file mode 100644 index 000000000..417ea8e62 --- /dev/null +++ b/salt/grafana/templates/monint.json @@ -0,0 +1,29 @@ +{ + "allValue": null, + "current": { + "selected": true, + "tags": [], + "text": [], + "value": [] + }, + "datasource": "InfluxDB", + "definition": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", + "description": null, + "error": null, + "hide": 2, + "includeAll": true, + "label": "Monitor Interface", + "multi": true, + "name": "monint", + "options": [], + "query": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } diff --git a/salt/grafana/templates/role.json b/salt/grafana/templates/role.json new file mode 100644 index 000000000..de51ff5d2 --- /dev/null +++ b/salt/grafana/templates/role.json @@ -0,0 +1,29 @@ +{ + "allValue": null, + "current": { + "selected": true, + "tags": [], + "text": [{{ TEMPLATES.role.get('text', DASHBOARD)| json }}], + "value": [{{ TEMPLATES.role.get('value', DASHBOARD)| json }}] + }, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"role\"", + "description": null, + "error": null, + "hide": {{ TEMPLATES.role.get('hide', 0)| json }}, + "includeAll": {{ TEMPLATES.role.get('includeAll', true)| json }}, + "label": "Role", + "multi": {{ TEMPLATES.role.get('multi', true)| json }}, + "name": "role", + "options": [], + "query": "show tag values with key=\"role\"", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false +} diff --git a/salt/grafana/templates/searchnode.json b/salt/grafana/templates/searchnode.json new file mode 100644 index 000000000..57365cc57 --- /dev/null +++ b/salt/grafana/templates/searchnode.json @@ -0,0 +1,25 @@ +{ + "allValue": null, + "current": { + "selected": true, + "tags": [], + "text": [{{ TEMPLATES.searchnode.get('text', DASHBOARD)| json }}], + "value": [{{ TEMPLATES.searchnode.get('value', DASHBOARD)| json }}] + }, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"host\" WHERE (\"role\" =~ /search/) OR (\"role\" = 'heavynode') OR (\"role\" = 'standalone') OR (\"role\" = 'eval') ", + "description": null, + "error": null, + "hide": {{ TEMPLATES.searchnode.get('hide', 0)| json }}, + "includeAll": {{ TEMPLATES.searchnode.get('includeAll', true)| json }}, + "label": "Searchnode", + "multi": {{ TEMPLATES.searchnode.get('multi', true)| json }}, + "name": "searchnode", + "options": [], + "query": "show tag values with key=\"host\" WHERE (\"role\" =~ /search/) OR (\"role\" = 'heavynode') OR (\"role\" = 'standalone') OR (\"role\" = 'eval') ", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" +} diff --git a/salt/grafana/templates/servername.json b/salt/grafana/templates/servername.json new file mode 100644 index 000000000..aaa90acfc --- /dev/null +++ b/salt/grafana/templates/servername.json @@ -0,0 +1,34 @@ +{% if DASHBOARD == 'overview' %} + {% set query = "show tag values with key=\\\"host\\\" WHERE (\\\"role\\\" =~ /^$role$/)" %} +{% else %} +{% set query = "show tag values with key=\\\"host\\\" WHERE (\\\"role\\\" = '" ~ DASHBOARD ~ "' )" %} +{% endif %} +{ + "allValue": null, + "current": { + "selected": true, + "tags": [], + "text": [{{ TEMPLATES.servername.get('text', '')| json }}], + "value": [{{ TEMPLATES.servername.get('value', '')| json }}] + }, + "datasource": "InfluxDB", + "definition": "{{ query }}", + "description": "", + "error": null, + "hide": 0, + "includeAll": true, + "label": "Node", + "multi": true, + "name": "servername", + "options": [], + "query": "{{ query }}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index f270c9f73..218d2d18e 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -17,6 +17,8 @@ include: - salt.minion - salt.python3-influxdb + - ssl + # Influx DB influxconfdir: file.directory: @@ -60,6 +62,10 @@ so-influxdb: - 0.0.0.0:8086:8086 - watch: - file: influxdbconf + - require: + - file: influxdbconf + - x509: influxdb_key + - x509: influxdb_crt append_so-influxdb_so-status.conf: file.append: diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load index d42596287..a2ab743da 100644 --- a/salt/kibana/bin/so-kibana-config-load +++ b/salt/kibana/bin/so-kibana-config-load @@ -1,17 +1,76 @@ #!/bin/bash -# {%- set MANAGER = salt['pillar.get']('global:url_base', '') %} - +{%- set MANAGER = salt['pillar.get']('global:url_base', '') %} . /usr/sbin/so-common -# Copy template file -cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_objects.ndjson +check_file() { +local file=$1 +if [ ! -f "$file" ]; then + echo "File $file does not exist." + exit 1 +fi -# SOCtopus and Manager -sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson +} -wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}" +import() { + local file=$1 + ndjson_file=$(echo $file | sed -e "s/\.template$//") + # Copy template file + if [ "$file" != "$ndjson_file" ]; then + cp "$file" "$ndjson_file" + fi -SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') + # SOCtopus and Manager + if grep -lq 'PLACEHOLDER' "$ndjson_file"; then + sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" "$ndjson_file" + fi -# Load saved objects -{{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@/opt/so/conf/kibana/saved_objects.ndjson >> /opt/so/log/kibana/misc.log + wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}" + + SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') + # Load saved objects + {{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@"$ndjson_file" >> /opt/so/log/kibana/misc.log +} + +update() { + wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}" + IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))' + for i in "${LINES[@]}"; do + {{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/7.15.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i " + done + +} + +usage() +{ +cat < Import saved objects + -u Update saved objects +EOF +} + +while getopts "h:i:u:" OPTION +do + case $OPTION in + h) + usage + exit 0 + ;; + i) + FILE=${OPTARG} + check_file $FILE + import $FILE + ;; + u) + FILE=${OPTARG} + check_file $FILE + update $FILE + ;; + *) + usage + exit 0 + ;; + esac +done diff --git a/salt/kibana/config.map.jinja b/salt/kibana/config.map.jinja new file mode 100644 index 000000000..58f1fbf67 --- /dev/null +++ b/salt/kibana/config.map.jinja @@ -0,0 +1,15 @@ +{% import_yaml 'kibana/defaults.yaml' as KIBANACONFIG with context %} + +{% if salt['pillar.get']('elasticsearch:auth:enabled', False) %} + {% do KIBANACONFIG.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass')}) %} +{% else %} + {% do KIBANACONFIG.kibana.config.xpack.update({'security': {'authc': {'providers': {'anonymous': {'anonymous1': {'order': 0, 'credentials': 'elasticsearch_anonymous_user'}}}}}}) %} +{% endif %} + +{% if salt['pillar.get']('kibana:secrets') %} + {% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey']}}) %} + {% do KIBANACONFIG.kibana.config.xpack.security.update({'encryptionKey': pillar['kibana']['secrets']['security']['encryptionKey']}) %} + {% do KIBANACONFIG.kibana.config.xpack.update({'reporting': {'encryptionKey': pillar['kibana']['secrets']['reporting']['encryptionKey']}}) %} +{% endif %} + +{% set KIBANACONFIG = salt['pillar.get']('kibana:config', default=KIBANACONFIG.kibana.config, merge=True) %} diff --git a/salt/kibana/defaults.yaml b/salt/kibana/defaults.yaml new file mode 100644 index 000000000..eae767386 --- /dev/null +++ b/salt/kibana/defaults.yaml @@ -0,0 +1,34 @@ +kibana: + enabled: True + config: + server: + name: kibana + host: "0.0.0.0" + basePath: /kibana + publicBaseUrl: https://{{salt['pillar.get']('global:url_base')}}/kibana + elasticsearch: + hosts: + - https://{{salt['pillar.get']('manager:mainip')}}:9200 + ssl: + verificationMode: none + requestTimeout: 90000 + logging: + appenders: + file: + type: file + fileName: /var/log/kibana/kibana.log + layout: + type: json + root: + appenders: + - default + - file + telemetry: + enabled: False + security: + showInsecureClusterWarning: False + xpack: + ml: + enabled: False + security: + secureCookies: True diff --git a/salt/kibana/etc/kibana.yml b/salt/kibana/etc/kibana.yml deleted file mode 100644 index 6fcafe68f..000000000 --- a/salt/kibana/etc/kibana.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Default Kibana configuration from kibana-docker. -{%- set ES = salt['pillar.get']('manager:mainip', '') -%} -{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} -{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} -server.name: kibana -server.host: "0" -server.basePath: /kibana -elasticsearch.hosts: [ "https://{{ ES }}:9200" ] -elasticsearch.ssl.verificationMode: none -#kibana.index: ".kibana" -{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} -elasticsearch.username: {{ ES_USER }} -elasticsearch.password: {{ ES_PASS }} -{% endif %} -#xpack.monitoring.ui.container.elasticsearch.enabled: true -elasticsearch.requestTimeout: 90000 -logging.dest: /var/log/kibana/kibana.log -telemetry.enabled: false -security.showInsecureClusterWarning: false -{% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %} -xpack.security.authc.providers: - anonymous.anonymous1: - order: 0 - credentials: "elasticsearch_anonymous_user" -{% endif %} diff --git a/salt/kibana/etc/kibana.yml.jinja b/salt/kibana/etc/kibana.yml.jinja new file mode 100644 index 000000000..5e06a53fa --- /dev/null +++ b/salt/kibana/etc/kibana.yml.jinja @@ -0,0 +1 @@ +{{ KIBANACONFIG | yaml(False) }} diff --git a/salt/kibana/files/config_saved_objects.ndjson b/salt/kibana/files/config_saved_objects.ndjson new file mode 100644 index 000000000..a05374ebf --- /dev/null +++ b/salt/kibana/files/config_saved_objects.ndjson @@ -0,0 +1 @@ +{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "7.15.2","id": "7.15.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson index ee2842b66..624168af7 100644 --- a/salt/kibana/files/saved_objects.ndjson +++ b/salt/kibana/files/saved_objects.ndjson @@ -11,7 +11,7 @@ {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}"},"id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5Njk2LDRd"} {"attributes":{"columns":["source.ip","source.port","destination.ip","destination.port","log.id.uid","network.community_id","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Security Onion - All Logs","version":1},"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"7.9.3"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5Njk3LDRd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:smtp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\"},\"panelIndex\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\"},\"panelIndex\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\"},\"panelIndex\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"d31027fb-a090-474f-9863-712ef30c0b3e\"},\"panelIndex\":\"d31027fb-a090-474f-9863-712ef30c0b3e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\"},\"panelIndex\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\"},\"panelIndex\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\"},\"panelIndex\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":18,\"h\":18,\"i\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\"},\"panelIndex\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":27,\"w\":15,\"h\":18,\"i\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\"},\"panelIndex\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\"},\"panelIndex\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"4053cc7e-9771-46d9-8e03-e430ab096805\"},\"panelIndex\":\"4053cc7e-9771-46d9-8e03-e430ab096805\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - SMTP","version":1},"id":"00304500-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"7a789740-75e7-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"a5742950-75e7-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5Njk4LDRd"} -{"attributes":{"fieldFormatMap":"{\"_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PCAPPLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{value}}\"}},\"uid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"fuid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"resp_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"orig_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"sid\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0.[000]\"}},\"query\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"query.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"signature_info\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{rawValue}}\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"duration\":{\"id\":\"duration\",\"params\":{\"outputFormat\":\"asSeconds\",\"outputPrecision\":6}},\"missed_bytes\":{\"id\":\"bytes\"},\"missing_bytes\":{\"id\":\"bytes\"},\"original_bytes\":{\"id\":\"bytes\"},\"original_ip_bytes\":{\"id\":\"bytes\"},\"overflow_bytes\":{\"id\":\"bytes\"},\"respond_bytes\":{\"id\":\"bytes\"},\"respond_ip_bytes\":{\"id\":\"bytes\"},\"seen_bytes\":{\"id\":\"bytes\"},\"total_bytes\":{\"id\":\"bytes\"},\"rtt\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0000000]\"}},\"uids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"osquery.LiveQuery\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"LiveQuery\"}},\"TheHive\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"\",\"labelTemplate\":\"Add2Hive\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ack\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ack.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints.path_len\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat_host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat_host.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_fqdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dpkg_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dpkg_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.package\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.package.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.egroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.egroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.euser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.euser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.fgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.fgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nlwp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nlwp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pgrp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pgrp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.processor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.processor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.resident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.resident.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.rgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.rgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ruser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ruser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.sgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.sgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.share.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.stime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.stime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.suser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.suser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.utime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.utime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.vm_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.vm_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.multiarch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.multiarch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.section\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.section.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.vendor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.vendor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.ftscomment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.ftscomment.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.parent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.parent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted_cutoff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted_cutoff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"framed_addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"framed_addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"full_log\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"full_log.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_responses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_responses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ecn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_ecn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3s\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3s.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"options.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.LiveQuery\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.LiveQuery.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hardware_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hardware_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prospector.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_location.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_dns_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_dns_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_nb_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_nb_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_tree_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_tree_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.event.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.inode_after\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.perm_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.perm_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tcp_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"urg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.firedtimes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gdpr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gdpr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gpg13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gpg13.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.groups\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.groups.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.mail\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.pci_dss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.pci_dss.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"window\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"window.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'soctopus/thehive/case/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-*"},"id":"*:logstash-*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5Njg1LDRd"} +{"attributes":{"fieldFormatMap":"{\"_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{value}}\"}},\"uid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"fuid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"resp_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"orig_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"sid\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0.[000]\"}},\"query\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"query.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"signature_info\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{rawValue}}\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"duration\":{\"id\":\"duration\",\"params\":{\"outputFormat\":\"asSeconds\",\"outputPrecision\":6}},\"missed_bytes\":{\"id\":\"bytes\"},\"missing_bytes\":{\"id\":\"bytes\"},\"original_bytes\":{\"id\":\"bytes\"},\"original_ip_bytes\":{\"id\":\"bytes\"},\"overflow_bytes\":{\"id\":\"bytes\"},\"respond_bytes\":{\"id\":\"bytes\"},\"respond_ip_bytes\":{\"id\":\"bytes\"},\"seen_bytes\":{\"id\":\"bytes\"},\"total_bytes\":{\"id\":\"bytes\"},\"rtt\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0000000]\"}},\"uids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"osquery.LiveQuery\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"LiveQuery\"}},\"TheHive\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"\",\"labelTemplate\":\"Add2Hive\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ack\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ack.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints.path_len\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat_host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat_host.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_fqdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dpkg_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dpkg_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.package\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.package.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.egroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.egroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.euser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.euser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.fgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.fgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nlwp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nlwp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pgrp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pgrp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.processor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.processor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.resident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.resident.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.rgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.rgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ruser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ruser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.sgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.sgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.share.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.stime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.stime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.suser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.suser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.utime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.utime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.vm_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.vm_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.multiarch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.multiarch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.section\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.section.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.vendor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.vendor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.ftscomment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.ftscomment.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.parent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.parent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted_cutoff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted_cutoff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"framed_addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"framed_addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"full_log\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"full_log.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_responses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_responses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ecn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_ecn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3s\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3s.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"options.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.LiveQuery\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.LiveQuery.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hardware_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hardware_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prospector.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_location.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_dns_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_dns_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_nb_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_nb_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_tree_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_tree_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.event.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.inode_after\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.perm_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.perm_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tcp_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"urg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.firedtimes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gdpr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gdpr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gpg13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gpg13.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.groups\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.groups.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.mail\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.pci_dss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.pci_dss.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"window\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"window.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'soctopus/thehive/case/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-*"},"id":"*:logstash-*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5Njg1LDRd"} {"attributes":{"columns":["note","source_ip","destination_ip","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Notices - Logs","version":1},"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5Njk5LDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"3027c4f0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5NzAwLDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Home](/kibana/app/dashboards#/view/94b52620-342a-11e7-9d52-4f090484f59e) \\n[Help](/kibana/app/dashboards#/view/AV6-POJSDwoBUzALqKAg) \\n\\n**Alert Data** \\n[Bro Notices](/kibana/app/dashboards#/view/01600fb0-34e4-11e7-9669-7f1d3242b798) \\n[ElastAlert](/kibana/app/dashboards#/view/1d98d620-7dce-11e7-846a-150cdcaf3374) \\n[HIDS](/kibana/app/dashboards#/view/0de7a390-3644-11e7-a6f7-4f44d7bf1c33) \\n[NIDS](/kibana/app/dashboards#/view/7f27a830-34e5-11e7-9669-7f1d3242b798)   \\n\\n**Bro Hunting** \\n[Connections](/kibana/app/dashboards#/view/e0a34b90-34e6-11e7-9118-45bd317f0ca4) \\n[DCE/RPC](/kibana/app/dashboards#/view/46582d50-3af2-11e7-a83b-b1b4da7d15f4) \\n[DHCP](/kibana/app/dashboards#/view/85348270-357b-11e7-ac34-8965f6420c51) \\n[DNP3](/kibana/app/dashboards#/view/2fdf5bf0-3581-11e7-98ef-19df58fe538b) \\n[DNS](/kibana/app/dashboards#/view/ebf5ec90-34bf-11e7-9b32-bb903919ead9) \\n[Files](/kibana/app/dashboards#/view/2d315d80-3582-11e7-98ef-19df58fe538b) \\n[FTP](/kibana/app/dashboards#/view/27f3b380-3583-11e7-a588-05992195c551) \\n[HTTP](/kibana/app/dashboards#/view/230134a0-34c6-11e7-8360-0b86c90983fd) \\n[Intel](/kibana/app/dashboards#/view/468022c0-3583-11e7-a588-05992195c551) \\n[IRC](/kibana/app/dashboards#/view/56a34ce0-3583-11e7-a588-05992195c551) \\n[Kerberos](/kibana/app/dashboards#/view/6b0d4870-3583-11e7-a588-05992195c551) \\n[Modbus](/kibana/app/dashboards#/view/70c005f0-3583-11e7-a588-05992195c551) \\n[MySQL](/kibana/app/dashboards#/view/7929f430-3583-11e7-a588-05992195c551) \\n[NTLM](/kibana/app/dashboards#/view/022713e0-3ab0-11e7-a83b-b1b4da7d15f4) \\n[PE](/kibana/app/dashboards#/view/8a10e380-3583-11e7-a588-05992195c551) \\n[RADIUS](/kibana/app/dashboards#/view/90b246c0-3583-11e7-a588-05992195c551) \\n[RDP](/kibana/app/dashboards#/view/97f8c3a0-3583-11e7-a588-05992195c551) \\n[RFB](/kibana/app/dashboards#/view/9ef20ae0-3583-11e7-a588-05992195c551) \\n[SIP](/kibana/app/dashboards#/view/ad3c0830-3583-11e7-a588-05992195c551) \\n[SMB](/kibana/app/dashboards#/view/b3a53710-3aaa-11e7-8b17-0d8709b02c80) \\n[SMTP](/kibana/app/dashboards#/view/b10a9c60-3583-11e7-a588-05992195c551) \\n[SNMP](/kibana/app/dashboards#/view/b65c2710-3583-11e7-a588-05992195c551) \\n[Software](/kibana/app/dashboards#/view/c2c99c30-3583-11e7-a588-05992195c551) \\n[SSH](/kibana/app/dashboards#/view/c6ccfc00-3583-11e7-a588-05992195c551) \\n[SSL](/kibana/app/dashboards#/view/cca67b60-3583-11e7-a588-05992195c551) \\n[Syslog](/kibana/app/dashboards#/view/c4bbe040-76b3-11e7-ba96-cba76a1e264d) \\n[Tunnels](/kibana/app/dashboards#/view/d7b54ae0-3583-11e7-a588-05992195c551) \\n[Weird](/kibana/app/dashboards#/view/de2da250-3583-11e7-a588-05992195c551) \\n[X.509](/kibana/app/dashboards#/view/e5aa7170-3583-11e7-a588-05992195c551) \\n\\n**Host Hunting** \\n[Autoruns](/kibana/app/dashboards#/view/61d43810-6d62-11e7-8ddb-e71eb260f4a3) \\n[Beats](/kibana/app/dashboards#/view/AWBLNS3CRuBloj96jxub) \\n[Osquery](/kibana/app/dashboards#/view/9d0e2da0-14e1-11e9-82f7-0da02d93a48b) \\n[OSSEC](/kibana/app/dashboards#/view/3a457d70-3583-11e7-a588-05992195c551)  \\n[Sysmon](/kibana/app/dashboards#/view/6d189680-6d62-11e7-8ddb-e71eb260f4a3) \\n\\n**Other** \\n[Domain Stats](/kibana/app/dashboards#/view/AWAi6wvxAvKNGEbUWO_j) \\n[Firewall](/kibana/app/dashboards#/view/50173bd0-3582-11e7-98ef-19df58fe538b) \\n[Frequency](/kibana/app/dashboards#/view/AWAi5k4jAvKNGEbUWFis) \\n[Stats](/kibana/app/dashboards#/view/130017f0-46ce-11e7-946f-1bfb1be7c36b) \\n[Syslog](/kibana/app/dashboards#/view/4323af90-76e5-11e7-ab14-e1a4c1bc11e0)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}"},"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","migrationVersion":{"visualization":"7.11.0"},"references":[],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5NzAxLDRd"} @@ -460,7 +460,6 @@ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Sysmon - Logs","version":1},"id":"6d189680-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"3072c750-6d71-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"29611940-6d75-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHHk1sxQT5EBNmq43Y","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQyLDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQzLDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ0LDRd"} -{"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"7.13.2","id":"7.13.2","migrationVersion":{"config":"7.12.0"},"references":[],"type":"config","updated_at":"2021-04-29T21:42:52.430Z","version":"WzY3NTUsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ2LDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ3LDRd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"z16.04 - Bro - Modbus","version":1},"id":"70c005f0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"178209e0-6e1b-11e7-b553-7f80727663c1","name":"panel_5","type":"visualization"},{"id":"AWDG_9KpxQT5EBNmq4Oo","name":"panel_6","type":"visualization"},{"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ4LDRd"} diff --git a/salt/kibana/files/securitySolution_saved_objects.ndjson b/salt/kibana/files/securitySolution_saved_objects.ndjson new file mode 100644 index 000000000..db4a9fa48 --- /dev/null +++ b/salt/kibana/files/securitySolution_saved_objects.ndjson @@ -0,0 +1 @@ +{"attributes": {"securitySolution:defaultIndex": ["apm-*-transaction*", "traces-apm*", "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*", "*:so-*"]}} diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 40ed8babc..ff88b731a 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -6,6 +6,11 @@ {% set MANAGER = salt['grains.get']('master') %} {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} +{% import_yaml 'kibana/defaults.yaml' as default_settings %} +{% set KIBANA_SETTINGS = salt['grains.filter_by'](default_settings, default='kibana', merge=salt['pillar.get']('kibana', {})) %} + +{% from 'kibana/config.map.jinja' import KIBANACONFIG with context %} + # Add ES Group kibanasearchgroup: group.present: @@ -29,14 +34,17 @@ kibanaconfdir: - group: 939 - makedirs: True -synckibanaconfig: - file.recurse: - - name: /opt/so/conf/kibana/etc - - source: salt://kibana/etc +kibanaconfig: + file.managed: + - name: /opt/so/conf/kibana/etc/kibana.yml + - source: salt://kibana/etc/kibana.yml.jinja - user: 932 - group: 939 - - file_mode: 660 + - mode: 660 - template: jinja + - defaults: + KIBANACONFIG: {{ KIBANACONFIG }} + - show_changes: False kibanalogdir: file.directory: @@ -85,32 +93,14 @@ so-kibana: - /sys/fs/cgroup:/sys/fs/cgroup:ro - port_bindings: - 0.0.0.0:5601:5601 + - watch: + - file: kibanaconfig append_so-kibana_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - text: so-kibana -kibanadashtemplate: - file.managed: - - name: /opt/so/conf/kibana/saved_objects.ndjson.template - - source: salt://kibana/files/saved_objects.ndjson - - user: 932 - - group: 939 - -so-kibana-config-load: - cmd.run: - - name: /usr/sbin/so-kibana-config-load - - cwd: /opt/so - -# Keep the setting correct -#KibanaHappy: -# cmd.script: -# - shell: /bin/bash -# - runas: socore -# - source: salt://kibana/bin/keepkibanahappy.sh -# - template: jinja - {% else %} {{sls}}_state_not_allowed: diff --git a/salt/kibana/secrets.sls b/salt/kibana/secrets.sls new file mode 100644 index 000000000..a863f114b --- /dev/null +++ b/salt/kibana/secrets.sls @@ -0,0 +1,34 @@ +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + + {% set kibana_encryptedSavedObjects_encryptionKey = salt['pillar.get']('kibana:secrets:encryptedSavedObjects:encryptionKey', salt['random.get_str'](72)) %} + {% set kibana_security_encryptionKey = salt['pillar.get']('kibana:secrets:security:encryptionKey', salt['random.get_str'](72)) %} + {% set kibana_reporting_encryptionKey = salt['pillar.get']('kibana:secrets:reporting:encryptionKey', salt['random.get_str'](72)) %} + +kibana_pillar_directory: + file.directory: + - name: /opt/so/saltstack/local/pillar/kibana + +kibana_secrets_pillar: + file.managed: + - name: /opt/so/saltstack/local/pillar/kibana/secrets.sls + - mode: 600 + - reload_pillar: True + - contents: | + kibana: + secrets: + encryptedSavedObjects: + encryptionKey: {{ kibana_encryptedSavedObjects_encryptionKey }} + security: + encryptionKey: {{ kibana_security_encryptionKey }} + reporting: + encryptionKey: {{ kibana_reporting_encryptionKey }} + - show_changes: False + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} diff --git a/salt/kibana/so_config_load.sls b/salt/kibana/so_config_load.sls new file mode 100644 index 000000000..58cd0ffbb --- /dev/null +++ b/salt/kibana/so_config_load.sls @@ -0,0 +1,17 @@ +include: + - kibana + +config_saved_objects: + file.managed: + - name: /opt/so/conf/kibana/config_saved_objects.ndjson + - source: salt://kibana/files/config_saved_objects.ndjson + - user: 932 + - group: 939 + +so-kibana-config-load: + cmd.run: + - name: /usr/sbin/so-kibana-config-load -i /opt/so/conf/kibana/config_saved_objects.ndjson + - cwd: /opt/so + - require: + - sls: kibana + - file: config_saved_objects diff --git a/salt/kibana/so_dashboard_load.sls b/salt/kibana/so_dashboard_load.sls new file mode 100644 index 000000000..3f3d7a2cd --- /dev/null +++ b/salt/kibana/so_dashboard_load.sls @@ -0,0 +1,18 @@ +include: + - kibana + +dashboard_saved_objects_template: + file.managed: + - name: /opt/so/conf/kibana/saved_objects.ndjson + - source: salt://kibana/files/saved_objects.ndjson + - user: 932 + - group: 939 + - show_changes: False + +so-kibana-dashboard-load: + cmd.run: + - name: /usr/sbin/so-kibana-config-load -i /opt/so/conf/kibana/saved_objects.ndjson + - cwd: /opt/so + - require: + - sls: kibana + - file: dashboard_saved_objects_template diff --git a/salt/kibana/so_savedobjects_defaults.sls b/salt/kibana/so_savedobjects_defaults.sls new file mode 100644 index 000000000..4cf6cef34 --- /dev/null +++ b/salt/kibana/so_savedobjects_defaults.sls @@ -0,0 +1,5 @@ +include: + - kibana + - kibana.so_config_load + - kibana.so_securitySolution_load + - kibana.so_dashboard_load diff --git a/salt/kibana/so_securitySolution_load.sls b/salt/kibana/so_securitySolution_load.sls new file mode 100644 index 000000000..49dbfa25b --- /dev/null +++ b/salt/kibana/so_securitySolution_load.sls @@ -0,0 +1,17 @@ +include: + - kibana + +securitySolution_saved_objects: + file.managed: + - name: /opt/so/conf/kibana/securitySolution_saved_objects.ndjson + - source: salt://kibana/files/securitySolution_saved_objects.ndjson + - user: 932 + - group: 939 + +so-kibana-securitySolution_saved_objects-load: + cmd.run: + - name: /usr/sbin/so-kibana-config-load -u /opt/so/conf/kibana/securitySolution_saved_objects.ndjson + - cwd: /opt/so + - require: + - sls: kibana + - file: securitySolution_saved_objects diff --git a/salt/soc/files/kratos/kratos.yaml b/salt/kratos/files/kratos.yaml similarity index 100% rename from salt/soc/files/kratos/kratos.yaml rename to salt/kratos/files/kratos.yaml diff --git a/salt/soc/files/kratos/schema.json b/salt/kratos/files/schema.json similarity index 78% rename from salt/soc/files/kratos/schema.json rename to salt/kratos/files/schema.json index 986086936..782d1b78b 100644 --- a/salt/soc/files/kratos/schema.json +++ b/salt/kratos/files/schema.json @@ -12,6 +12,7 @@ "format": "email", "title": "E-Mail", "minLength": 6, + "maxLength": 100, "ory.sh/kratos": { "credentials": { "password": { @@ -25,20 +26,19 @@ }, "firstName": { "type": "string", - "title": "First Name" + "title": "First Name", + "maxLength": 100 }, "lastName": { "type": "string", - "title": "Last Name" + "title": "Last Name", + "maxLength": 100 }, - "role": { + "note": { "type": "string", - "title": "Role" - }, - "status": { - "type": "string", - "title": "Status" - } + "title": "Note", + "maxLength": 100 + } }, "required": [ "email" diff --git a/salt/kratos/init.sls b/salt/kratos/init.sls new file mode 100644 index 000000000..e44c09b63 --- /dev/null +++ b/salt/kratos/init.sls @@ -0,0 +1,101 @@ +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + +{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} +{% set MANAGER = salt['grains.get']('master') %} + +# Add Kratos Group +kratosgroup: + group.present: + - name: kratos + - gid: 928 + +# Add Kratos user +kratos: + user.present: + - uid: 928 + - gid: 928 + - home: /opt/so/conf/kratos + +kratosdir: + file.directory: + - name: /opt/so/conf/kratos/db + - user: 928 + - group: 928 + - makedirs: True + +kratoslogdir: + file.directory: + - name: /opt/so/log/kratos + - user: 928 + - group: 928 + - makedirs: True + +kratossync: + file.recurse: + - name: /opt/so/conf/kratos + - source: salt://kratos/files + - user: 928 + - group: 928 + - file_mode: 600 + - template: jinja + +kratos_schema: + file.exists: + - name: /opt/so/conf/kratos/schema.json + +kratos_yaml: + file.exists: + - name: /opt/so/conf/kratos/kratos.yaml + +so-kratos: + docker_container.running: + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kratos:{{ VERSION }} + - hostname: kratos + - name: so-kratos + - binds: + - /opt/so/conf/kratos/schema.json:/kratos-conf/schema.json:ro + - /opt/so/conf/kratos/kratos.yaml:/kratos-conf/kratos.yaml:ro + - /opt/so/log/kratos/:/kratos-log:rw + - /opt/so/conf/kratos/db:/kratos-data:rw + - port_bindings: + - 0.0.0.0:4433:4433 + - 0.0.0.0:4434:4434 + - restart_policy: unless-stopped + - watch: + - file: /opt/so/conf/kratos + - require: + - file: kratos_schema + - file: kratos_yaml + - file: kratoslogdir + - file: kratosdir + +append_so-kratos_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-kratos + +wait_for_kratos: + http.wait_for_successful_query: + - name: 'http://{{ MANAGER }}:4434/' + - ssl: True + - verify_ssl: False + - status: + - 200 + - 301 + - 302 + - 404 + - status_type: list + - wait_for: 300 + - request_interval: 10 + - require: + - docker_container: so-kratos + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} diff --git a/salt/learn/files/logscan.conf b/salt/learn/files/logscan.conf new file mode 100644 index 000000000..d7aa30734 --- /dev/null +++ b/salt/learn/files/logscan.conf @@ -0,0 +1,7 @@ +[global] +ts_format = iso8601 +scan_interval = 30s +log_level = info + +[kratos] +log_path = kratos/kratos.log diff --git a/salt/learn/init.sls b/salt/learn/init.sls new file mode 100644 index 000000000..fb5b89802 --- /dev/null +++ b/salt/learn/init.sls @@ -0,0 +1,19 @@ +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + +{% set module_dict = salt['pillar.get']('learn:modules', {} ) %} + +{% if module_dict.items()|length != 0 %} +include: +{% for module, _ in module_dict.items() %} + - 'learn.{{ module }}' +{% endfor %} +{% endif %} + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} diff --git a/salt/learn/logscan.sls b/salt/learn/logscan.sls new file mode 100644 index 000000000..91f64420a --- /dev/null +++ b/salt/learn/logscan.sls @@ -0,0 +1,58 @@ +{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} +{% set MANAGER = salt['grains.get']('master') %} +{% set logscan_cpu_period = salt['pillar.get']('learn:modules:logscan:cpu_period', 20000) %} +{% set enabled = salt['pillar.get']('learn:modules:logscan:enabled', False) %} + +{% if enabled %} + {% set container_action = 'running' %} +{% else %} + {% set container_action = 'absent'%} +{% endif %} + + +logscan_data_dir: + file.directory: + - name: /nsm/logscan/data + - user: 939 + - group: 939 + - makedirs: True + +logscan_conf_dir: + file.directory: + - name: /opt/so/conf/logscan + - user: 939 + - group: 939 + - makedirs: True + +logscan_conf: + file.managed: + - name: /opt/so/conf/logscan/logscan.conf + - source: salt://learn/files/logscan.conf + - user: 939 + - group: 939 + - mode: 600 + +logscan_log_dir: + file.directory: + - name: /opt/so/log/logscan + - user: 939 + - group: 939 + +so-logscan: + docker_container.{{ container_action }}: + {% if container_action == 'running' %} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logscan:{{ VERSION }} + - hostname: logscan + - name: so-logscan + - binds: + - /nsm/logscan/data:/logscan/data:rw + - /opt/so/conf/logscan/logscan.conf:/logscan/logscan.conf:ro + - /opt/so/log/logscan:/logscan/output:rw + - /opt/so/log:/logscan/logs:ro + - cpu_period: {{ logscan_cpu_period }} + - require: + - file: logscan_conf + {% else %} + - force: true + {% endif %} diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index bfd08e4fe..069b2f7bd 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -15,28 +15,37 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} -{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} -{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} -{% set MANAGER = salt['grains.get']('master') %} -{% set MANAGERIP = salt['pillar.get']('global:managerip') %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} + {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} + {% set MANAGER = salt['grains.get']('master') %} + {% set MANAGERIP = salt['pillar.get']('global:managerip') %} -# Logstash Section - Decide which pillar to use -{% set lsheap = salt['pillar.get']('logstash_settings:lsheap', '') %} -{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %} - {% set freq = salt['pillar.get']('manager:freq', '0') %} - {% set dstats = salt['pillar.get']('manager:domainstats', '0') %} - {% set nodetype = salt['grains.get']('role', '') %} -{% elif grains['role'] == 'so-helix' %} - {% set freq = salt['pillar.get']('manager:freq', '0') %} - {% set dstats = salt['pillar.get']('manager:domainstats', '0') %} - {% set nodetype = salt['grains.get']('role', '') %} -{% endif %} + # Logstash Section - Decide which pillar to use + {% set lsheap = salt['pillar.get']('logstash_settings:lsheap', '') %} + {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %} + {% set freq = salt['pillar.get']('manager:freq', '0') %} + {% set dstats = salt['pillar.get']('manager:domainstats', '0') %} + {% set nodetype = salt['grains.get']('role', '') %} + {% elif grains['role'] == 'so-helix' %} + {% set freq = salt['pillar.get']('manager:freq', '0') %} + {% set dstats = salt['pillar.get']('manager:domainstats', '0') %} + {% set nodetype = salt['grains.get']('role', '') %} + {% endif %} -{% set PIPELINES = salt['pillar.get']('logstash:pipelines', {}) %} -{% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %} -{% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} + {% set PIPELINES = salt['pillar.get']('logstash:pipelines', {}) %} + {% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %} + {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} + + {% if grains.role in ['so-heavynode'] %} + {% set EXTRAHOSTHOSTNAME = salt['grains.get']('host') %} + {% set EXTRAHOSTIP = salt['pillar.get']('sensor:mainip') %} + {% else %} + {% set EXTRAHOSTHOSTNAME = MANAGER %} + {% set EXTRAHOSTIP = MANAGERIP %} + {% endif %} include: + - ssl - elasticsearch # Create the logstash group @@ -65,22 +74,22 @@ lspipelinedir: - user: 931 - group: 939 -{% for PL in PIPELINES %} - {% for CONFIGFILE in PIPELINES[PL].config %} + {% for PL in PIPELINES %} + {% for CONFIGFILE in PIPELINES[PL].config %} ls_pipeline_{{PL}}_{{CONFIGFILE.split('.')[0] | replace("/","_") }}: file.managed: - source: salt://logstash/pipelines/config/{{CONFIGFILE}} - {% if 'jinja' in CONFIGFILE.split('.')[-1] %} + {% if 'jinja' in CONFIGFILE.split('.')[-1] %} - name: /opt/so/conf/logstash/pipelines/{{PL}}/{{CONFIGFILE.split('/')[1] | replace(".jinja", "")}} - template: jinja - {% else %} + {% else %} - name: /opt/so/conf/logstash/pipelines/{{PL}}/{{CONFIGFILE.split('/')[1]}} - {% endif %} + {% endif %} - user: 931 - group: 939 - mode: 660 - makedirs: True - {% endfor %} + {% endfor %} ls_pipeline_{{PL}}: file.directory: @@ -88,12 +97,12 @@ ls_pipeline_{{PL}}: - user: 931 - group: 939 - require: - {% for CONFIGFILE in PIPELINES[PL].config %} + {% for CONFIGFILE in PIPELINES[PL].config %} - file: ls_pipeline_{{PL}}_{{CONFIGFILE.split('.')[0] | replace("/","_") }} - {% endfor %} + {% endfor %} - clean: True -{% endfor %} + {% endfor %} lspipelinesyml: file.managed: @@ -145,54 +154,64 @@ so-logstash: - name: so-logstash - user: logstash - extra_hosts: - - {{ MANAGER }}:{{ MANAGERIP }} + - {{ EXTRAHOSTHOSTNAME }}:{{ EXTRAHOSTIP }} - environment: - LS_JAVA_OPTS=-Xms{{ lsheap }} -Xmx{{ lsheap }} - port_bindings: -{% for BINDING in DOCKER_OPTIONS.port_bindings %} + {% for BINDING in DOCKER_OPTIONS.port_bindings %} - {{ BINDING }} -{% endfor %} + {% endfor %} - binds: - /opt/so/conf/elasticsearch/templates/:/templates/:ro - - /opt/so/conf/logstash/etc/log4j2.properties:/usr/share/logstash/config/log4j2.properties:ro - - /opt/so/conf/logstash/etc/logstash.yml:/usr/share/logstash/config/logstash.yml:ro - - /opt/so/conf/logstash/etc/pipelines.yml:/usr/share/logstash/config/pipelines.yml + - /opt/so/conf/logstash/etc/:/usr/share/logstash/config/:ro - /opt/so/conf/logstash/pipelines:/usr/share/logstash/pipelines:ro - /opt/so/rules:/etc/nsm/rules:ro - /nsm/import:/nsm/import:ro - /nsm/logstash:/usr/share/logstash/data:rw - /opt/so/log/logstash:/var/log/logstash:rw - /sys/fs/cgroup:/sys/fs/cgroup:ro + {% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode'] %} - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro - /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro + {% endif %} - /opt/so/conf/logstash/etc/certs:/usr/share/logstash/certs:ro - {% if grains['role'] == 'so-heavynode' %} + {% if grains['role'] == 'so-heavynode' %} - /etc/ssl/certs/intca.crt:/usr/share/filebeat/ca.crt:ro - {% else %} + {% else %} - /etc/pki/ca.crt:/usr/share/filebeat/ca.crt:ro - {% endif %} + {% endif %} - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro - /opt/so/conf/ca/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro - - /etc/pki/ca.cer:/ca/ca.crt:ro - {%- if grains['role'] == 'so-eval' %} + {%- if grains['role'] == 'so-eval' %} - /nsm/zeek:/nsm/zeek:ro - /nsm/suricata:/suricata:ro - /nsm/wazuh/logs/alerts:/wazuh/alerts:ro - /nsm/wazuh/logs/archives:/wazuh/archives:ro - /opt/so/log/fleet/:/osquery/logs:ro - /opt/so/log/strelka:/strelka:ro - {%- endif %} + {%- endif %} - watch: - file: lsetcsync -{% for PL in PIPELINES %} + {% for PL in PIPELINES %} - file: ls_pipeline_{{PL}} - {% for CONFIGFILE in PIPELINES[PL].config %} + {% for CONFIGFILE in PIPELINES[PL].config %} - file: ls_pipeline_{{PL}}_{{CONFIGFILE.split('.')[0] | replace("/","_") }} + {% endfor %} {% endfor %} -{% endfor %} -{% for TEMPLATE in TEMPLATES %} + {% for TEMPLATE in TEMPLATES %} - file: es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }} -{% endfor %} + {% endfor %} + - require: + {% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode'] %} + - x509: etc_filebeat_crt + {% endif %} + {% if grains['role'] == 'so-heavynode' %} + - x509: trusttheca + {% else %} + - x509: pki_public_ca_crt + {% endif %} + - file: cacertz + - file: capemz append_so-logstash_so-status.conf: file.append: @@ -205,4 +224,4 @@ append_so-logstash_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/logstash/pipelines/config/so/0011_input_endgame.conf b/salt/logstash/pipelines/config/so/0011_input_endgame.conf new file mode 100644 index 000000000..375585957 --- /dev/null +++ b/salt/logstash/pipelines/config/so/0011_input_endgame.conf @@ -0,0 +1,14 @@ +input { + http { + id => "endgame_data" + port => 3765 + codec => es_bulk + request_headers_target_field => client_headers + remote_host_target_field => client_host + ssl => true + ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"] + ssl_certificate => "/usr/share/logstash/filebeat.crt" + ssl_key => "/usr/share/logstash/filebeat.key" + ssl_verify_mode => "peer" + } +} diff --git a/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja b/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja index 60229422b..35f77c5a0 100644 --- a/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja +++ b/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja @@ -1,10 +1,13 @@ -{%- set MANAGER = salt['grains.get']('master') %} -{%- set THREADS = salt['pillar.get']('logstash_settings:ls_input_threads', '') %} -{% set BATCH = salt['pillar.get']('logstash_settings:ls_pipeline_batch_size', 125) %} - +{%- if grains.role in ['so-heavynode'] %} + {%- set HOST = salt['grains.get']('host') %} +{%- else %} + {%- set HOST = salt['grains.get']('master') %} +{%- endif %} + {%- set THREADS = salt['pillar.get']('logstash_settings:ls_input_threads', '') %} +{%- set BATCH = salt['pillar.get']('logstash_settings:ls_pipeline_batch_size', 125) %} input { redis { - host => '{{ MANAGER }}' + host => '{{ HOST }}' port => 9696 ssl => true data_type => 'list' diff --git a/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja b/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja index 56c8a311b..f8a9b25af 100644 --- a/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja +++ b/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja @@ -6,7 +6,7 @@ {%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} {%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { - if [metadata][pipeline] { + if "filebeat" in [metadata][pipeline] { elasticsearch { id => "filebeat_modules_metadata_pipeline" pipeline => "%{[metadata][pipeline]}" diff --git a/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja b/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja index 2ad403ab9..c6537d2f5 100644 --- a/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja +++ b/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja @@ -6,7 +6,7 @@ {%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} {%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { - if "beat-ext" in [tags] and "import" not in [tags] { + if "beat-ext" in [tags] and "import" not in [tags] and "filebeat" not in [metadata][pipeline] { elasticsearch { pipeline => "beats.common" hosts => "{{ ES }}" diff --git a/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja new file mode 100644 index 000000000..86944d155 --- /dev/null +++ b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja @@ -0,0 +1,27 @@ +{%- if grains['role'] == 'so-eval' -%} +{%- set ES = salt['pillar.get']('manager:mainip', '') -%} +{%- else %} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} +{%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} + +output { + if [module] =~ "logscan" { + elasticsearch { + id => "logscan_pipeline" + pipeline => "logscan.alert" + hosts => "{{ ES }}" + {% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" + {% endif %} + index => "so-logscan" + template_name => "so-common" + template => "/templates/so-common-template.json" + template_overwrite => true + ssl => true + ssl_certificate_verification => false + } + } +} diff --git a/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja b/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja new file mode 100644 index 000000000..b5920fe40 --- /dev/null +++ b/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja @@ -0,0 +1,29 @@ +{%- if grains['role'] == 'so-eval' -%} +{%- set ES = salt['pillar.get']('manager:mainip', '') -%} +{%- else %} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} +{%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} +filter { + if [event][module] =~ "endgame" { + mutate { + remove_field => ["client_headers", "client_host"] + } + } +} +output { + if [event][module] =~ "endgame" { + elasticsearch { + id => "endgame_es_output" + hosts => "{{ ES }}" + {% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" + {% endif %} + index => "endgame-%{+YYYY.MM.dd}" + ssl => true + ssl_certificate_verification => false + } + } +} diff --git a/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja b/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja index 626ed62c3..6b9c62e2f 100644 --- a/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja +++ b/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja @@ -1,8 +1,12 @@ -{%- set MANAGER = salt['grains.get']('master') %} -{% set BATCH = salt['pillar.get']('logstash_settings:ls_pipeline_batch_size', 125) %} +{%- if grains.role in ['so-heavynode'] %} + {%- set HOST = salt['grains.get']('host') %} +{%- else %} + {%- set HOST = salt['grains.get']('master') %} +{%- endif %} +{%- set BATCH = salt['pillar.get']('logstash_settings:ls_pipeline_batch_size', 125) %} output { redis { - host => '{{ MANAGER }}' + host => '{{ HOST }}' port => 6379 data_type => 'list' key => 'logstash:unparsed' diff --git a/salt/manager/files/acng/acng.conf b/salt/manager/files/acng/acng.conf index 993452b57..1b7f05e04 100644 --- a/salt/manager/files/acng/acng.conf +++ b/salt/manager/files/acng/acng.conf @@ -77,7 +77,7 @@ FreshIndexMaxAge: 300 # AllowUserPorts: 80 RedirMax: 6 # VfileUseRangeOps is set for fedora volatile files on mirrors that dont to range -VfileUseRangeOps: 0 +VfileUseRangeOps: -1 # PassThroughPattern: private-ppa\.launchpad\.net:443$ # PassThroughPattern: .* # this would allow CONNECT to everything PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirrors\.fedoraproject\.org:443|packages\.wazuh\.com:443|repo\.saltstack\.com:443|yum\.dockerproject\.org:443|download\.docker\.com:443|registry\.npmjs\.org:443|registry\.yarnpkg\.com:443)$ # yarn/npm pkg, cant to http :/ diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 17b1ad9e0..990eda3d3 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -22,7 +22,9 @@ include: - elasticsearch.auth + - kibana.secrets - salt.minion + - kratos socore_own_saltstack: file.directory: @@ -60,8 +62,7 @@ aptcacherlogdir: - group: 939 - makedirs: true -# Copy the config -acngcopyconf: +acngconf: file.managed: - name: /opt/so/conf/aptcacher-ng/etc/acng.conf - source: salt://manager/files/acng/acng.conf @@ -80,6 +81,8 @@ so-aptcacherng: - /opt/so/conf/aptcacher-ng/cache:/var/cache/apt-cacher-ng:rw - /opt/so/log/aptcacher-ng:/var/log/apt-cacher-ng:rw - /opt/so/conf/aptcacher-ng/etc/acng.conf:/etc/apt-cacher-ng/acng.conf:ro + - require: + - file: acngconf append_so-aptcacherng_so-status.conf: file.append: @@ -124,7 +127,11 @@ syncesusers: - creates: - /opt/so/saltstack/local/salt/elasticsearch/files/users - /opt/so/saltstack/local/salt/elasticsearch/files/users_roles + - /opt/so/conf/soc/soc_users_roles - show_changes: False + - require: + - docker_container: so-kratos + - http: wait_for_kratos {% else %} diff --git a/salt/minio/init.sls b/salt/minio/init.sls index f61209c8b..8e4d548f6 100644 --- a/salt/minio/init.sls +++ b/salt/minio/init.sls @@ -21,6 +21,9 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} +include: + - ssl + # Minio Setup minioconfdir: file.directory: @@ -59,6 +62,9 @@ so-minio: - /etc/pki/minio.key:/.minio/certs/private.key:ro - /etc/pki/minio.crt:/.minio/certs/public.crt:ro - entrypoint: "/usr/bin/docker-entrypoint.sh server --certs-dir /.minio/certs --address :9595 /data" + - require: + - file: minio_key + - file: minio_crt append_so-minio_so-status.conf: file.append: @@ -71,4 +77,4 @@ append_so-minio_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/mysql/etc/mypass b/salt/mysql/etc/mypass index f5f781c10..b38bf75ec 100644 --- a/salt/mysql/etc/mypass +++ b/salt/mysql/etc/mypass @@ -1,2 +1 @@ -{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} {{ MYSQLPASS }} diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index be44b652c..cb9586984 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -22,7 +22,11 @@ mysqlpkgs: - skip_suggestions: False - pkgs: {% if grains['os'] != 'CentOS' %} - - python-mysqldb + {% if grains['oscodename'] == 'bionic' %} + - python3-mysqldb + {% elif grains['oscodename'] == 'focal' %} + - python3-mysqldb + {% endif %} {% else %} - MySQL-python {% endif %} @@ -41,13 +45,22 @@ mysqlpiddir: - group: 939 - makedirs: True -mysqletcsync: - file.recurse: - - name: /opt/so/conf/mysql/etc - - source: salt://mysql/etc +mysqlcnf: + file.managed: + - name: /opt/so/conf/mysql/etc/my.cnf + - source: salt://mysql/etc/my.cnf + - user: 939 + - group: 939 + +mysqlpass: + file.managed: + - name: /opt/so/conf/mysql/etc/mypass + - source: salt://mysql/etc/mypass - user: 939 - group: 939 - template: jinja + - defaults: + MYSQLPASS: {{ MYSQLPASS }} mysqllogdir: file.directory: @@ -90,6 +103,9 @@ so-mysql: - /opt/so/log/mysql:/var/log/mysql:rw - watch: - /opt/so/conf/mysql/etc + - require: + - file: mysqlcnf + - file: mysqlpass cmd.run: - name: until nc -z {{ MAINIP }} 3306; do sleep 1; done - timeout: 600 @@ -114,4 +130,4 @@ append_so-mysql_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index cafa583b5..f0308b868 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -149,7 +149,7 @@ http { root /opt/socore/html; index index.html; - add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self'"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; frame-ancestors 'self'"; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options nosniff; @@ -167,6 +167,7 @@ http { proxy_pass http://{{ manager_ip }}:9822; proxy_read_timeout 90; proxy_connect_timeout 90; + proxy_set_header x-user-id ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -277,6 +278,7 @@ http { } location /nodered/ { + auth_request /auth/sessions/whoami; proxy_pass http://{{ manager_ip }}:1880/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -290,6 +292,7 @@ http { } location /playbook/ { + auth_request /auth/sessions/whoami; proxy_pass http://{{ manager_ip }}:3200/playbook/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -346,6 +349,7 @@ http { } location /soctopus/ { + auth_request /auth/sessions/whoami; proxy_pass http://{{ manager_ip }}:7000/; proxy_read_timeout 300; proxy_connect_timeout 300; @@ -375,6 +379,7 @@ http { proxy_pass http://{{ manager_ip }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; + proxy_set_header x-user-id ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls index 15c1acc8e..615372216 100644 --- a/salt/nginx/init.sls +++ b/salt/nginx/init.sls @@ -8,6 +8,9 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set ISAIRGAP = salt['pillar.get']('global:airgap') %} +include: + - ssl + # Drop the correct nginx config based on role nginxconfdir: file.directory: @@ -73,28 +76,38 @@ so-nginx: - /opt/so/log/nginx/:/var/log/nginx:rw - /opt/so/tmp/nginx/:/var/lib/nginx:rw - /opt/so/tmp/nginx/:/run:rw + - /opt/so/conf/fleet/packages:/opt/socore/html/packages + {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %} - /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro - /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro - - /opt/so/conf/fleet/packages:/opt/socore/html/packages - {% if ISAIRGAP is sameas true %} - - /nsm/repo:/opt/socore/html/repo:ro - {% endif %} # ATT&CK Navigator binds - /opt/so/conf/navigator/navigator_config.json:/opt/socore/html/navigator/assets/config.json:ro - /opt/so/conf/navigator/nav_layer_playbook.json:/opt/socore/html/navigator/assets/playbook.json:ro + {% endif %} + {% if ISAIRGAP is sameas true %} + - /nsm/repo:/opt/socore/html/repo:ro + {% endif %} - cap_add: NET_BIND_SERVICE - port_bindings: - 80:80 - 443:443 - {% if ISAIRGAP is sameas true %} + {% if ISAIRGAP is sameas true %} - 7788:7788 - {% endif %} - {%- if FLEETMANAGER or FLEETNODE %} + {% endif %} + {%- if FLEETMANAGER or FLEETNODE %} - 8090:8090 - {%- endif %} + {%- endif %} - watch: - file: nginxconf - file: nginxconfdir + - require: + - file: nginxconf + {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %} + - x509: managerssl_key + - x509: managerssl_crt + - file: navigatorconfig + - file: navigatordefaultlayer + {% endif %} append_so-nginx_so-status.conf: file.append: @@ -107,4 +120,4 @@ append_so-nginx_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/patch/os/schedule.sls b/salt/patch/os/schedule.sls index 4ad9a454e..7e5b3d532 100644 --- a/salt/patch/os/schedule.sls +++ b/salt/patch/os/schedule.sls @@ -42,7 +42,7 @@ patch_os_schedule: - function: state.sls - job_args: - patch.os - - hours: 8 + - hours: {{ patch_os_pillar.get('hours', 8) }} - splay: {{splay}} - return_job: True diff --git a/salt/pcap/files/config b/salt/pcap/files/config index 048775ef7..24f9a579e 100644 --- a/salt/pcap/files/config +++ b/salt/pcap/files/config @@ -1,18 +1,23 @@ -{%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %} -{%- set diskfreepercentage = salt['pillar.get']('steno:diskfreepercentage', 10) %} - +{%- set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %} +{%- set DISKFREEPERCENTAGE = salt['pillar.get']('steno:diskfreepercentage', 10) %} +{%- set MAXFILES = salt['pillar.get']('steno:maxfiles', 30000) %} +{%- set BLOCKS = salt['pillar.get']('steno:blocks', 2048) %} +{%- set FILEMB = salt['pillar.get']('steno:filemb', 4096) %} +{%- set AIOPS = salt['pillar.get']('steno:aiops', 128) %} +{%- set THREADS = salt['pillar.get']('steno:threads', 1) %} { "Threads": [ - { "PacketsDirectory": "/nsm/pcap" - , "IndexDirectory": "/nsm/pcapindex" - , "MaxDirectoryFiles": 30000 - , "DiskFreePercentage": {{ diskfreepercentage }} - } + { "PacketsDirectory": "/nsm/pcap", "IndexDirectory": "/nsm/pcapindex", "MaxDirectoryFiles": {{ MAXFILES }}, "DiskFreePercentage": {{ DISKFREEPERCENTAGE }} } + {%- if THREADS > 1 %} + {%- for i in range(2,THREADS+1) %} + , { "PacketsDirectory": "/nsm/pcap" , "IndexDirectory": "/nsm/pcapindex", "MaxDirectoryFiles": {{ MAXFILES }}, "DiskFreePercentage": {{ DISKFREEPERCENTAGE }} } + {%- endfor %} + {%- endif %} ] , "StenotypePath": "/usr/bin/stenotype" - , "Interface": "{{ interface }}" + , "Interface": "{{ INTERFACE }}" , "Port": 1234 , "Host": "127.0.0.1" - , "Flags": ["-v", "--uid=stenographer", "--gid=stenographer"{{ BPF_COMPILED }}] + , "Flags": ["-v", "--blocks={{ BLOCKS }}", "--preallocate_file_mb={{ FILEMB }}", "--aiops={{ AIOPS }}", "--uid=stenographer", "--gid=stenographer"{{ BPF_COMPILED }}] , "CertPath": "/etc/stenographer/certs" -} \ No newline at end of file +} diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index 6679215e4..7b56fbd1f 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -15,13 +15,14 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} +{% from "pcap/map.jinja" import STENOOPTIONS with context %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %} {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %} {% set BPF_COMPILED = "" %} -{% from "pcap/map.jinja" import STENOOPTIONS with context %} # PCAP Section @@ -111,12 +112,11 @@ stenolog: so-steno: docker_container.{{ STENOOPTIONS.status }}: + {% if STENOOPTIONS.status == 'running' %} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }} - start: {{ STENOOPTIONS.start }} - network_mode: host - privileged: True - - port_bindings: - - 127.0.0.1:1234:1234 - binds: - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw - /opt/so/conf/steno/config:/etc/stenographer/config:rw @@ -125,7 +125,12 @@ so-steno: - /nsm/pcaptmp:/tmp:rw - /opt/so/log/stenographer:/var/log/stenographer:rw - watch: - - file: /opt/so/conf/steno/config + - file: stenoconf + - require: + - file: stenoconf + {% else %} {# if stenographer isn't enabled, then stop and remove the container #} + - force: True + {% endif %} append_so-steno_so-status.conf: file.append: @@ -133,7 +138,6 @@ append_so-steno_so-status.conf: - text: so-steno - unless: grep -q so-steno /opt/so/conf/so-status/so-status.conf - {% if not STENOOPTIONS.start %} so-steno_so-status.disabled: file.comment: @@ -152,4 +156,4 @@ delete_so-steno_so-status.disabled: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/pcap/map.jinja b/salt/pcap/map.jinja index b3c746bcc..ad23f763b 100644 --- a/salt/pcap/map.jinja +++ b/salt/pcap/map.jinja @@ -9,7 +9,7 @@ {% endif %} {% if ENABLED is sameas false %} - {% do STENOOPTIONS.update({'status': 'stopped'}) %} + {% do STENOOPTIONS.update({'status': 'absent'}) %} {% else %} {% do STENOOPTIONS.update({'status': 'running'}) %} -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/redis/init.sls b/salt/redis/init.sls index a99df219f..d52c49d5b 100644 --- a/salt/redis/init.sls +++ b/salt/redis/init.sls @@ -19,6 +19,9 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} +include: + - ssl + # Redis Setup redisconfdir: file.directory: @@ -41,10 +44,10 @@ redislogdir: - group: 939 - makedirs: True -redisconfsync: - file.recurse: - - name: /opt/so/conf/redis/etc - - source: salt://redis/etc +redisconf: + file.managed: + - name: /opt/so/conf/redis/etc/redis.conf + - source: salt://redis/etc/redis.conf - user: 939 - group: 939 - template: jinja @@ -67,6 +70,11 @@ so-redis: - entrypoint: "redis-server /usr/local/etc/redis/redis.conf" - watch: - file: /opt/so/conf/redis/etc + - require: + - file: redisconf + - x509: redis_crt + - x509: redis_key + - x509: pki_public_ca_crt append_so-redis_so-status.conf: file.append: @@ -79,4 +87,4 @@ append_so-redis_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/registry/init.sls b/salt/registry/init.sls index eb0c2df0c..76ccbf070 100644 --- a/salt/registry/init.sls +++ b/salt/registry/init.sls @@ -1,6 +1,9 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} +include: + - ssl + # Create the config directory for the docker registry dockerregistryconfdir: file.directory: @@ -47,6 +50,10 @@ so-dockerregistry: - retry: attempts: 5 interval: 30 + - require: + - file: dockerregistryconf + - x509: registry_crt + - x509: registry_key append_so-dockerregistry_so-status.conf: file.append: diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index f5d94e241..f6fbdb6f3 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -68,8 +68,8 @@ yumconf: {% endif %} cleanyum: - module.run: - - pkg.clean_metadata: [] + cmd.run: + - name: 'yum clean metadata' - onchanges: {% if ISAIRGAP %} - file: airgapyum @@ -80,4 +80,3 @@ cleanyum: {% endif %} {% endif %} - diff --git a/salt/salt/init.sls b/salt/salt/init.sls index 18be055db..fe340772e 100644 --- a/salt/salt/init.sls +++ b/salt/salt/init.sls @@ -2,8 +2,13 @@ saltpymodules: pkg.installed: - pkgs: - - python-docker + {% if grains['oscodename'] == 'bionic' %} - python-m2crypto + - python-docker + {% elif grains['oscodename'] == 'focal' %} + - python3-m2crypto + - python3-docker + {% endif %} {% endif %} salt_bootstrap: diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 3db257d1b..04fc1769c 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -87,4 +87,4 @@ salt_minion_service: patch_pkg: pkg.installed: - - name: patch \ No newline at end of file + - name: patch diff --git a/salt/salt/scripts/bootstrap-salt.sh b/salt/salt/scripts/bootstrap-salt.sh index 70241a041..3e54afce0 100644 --- a/salt/salt/scripts/bootstrap-salt.sh +++ b/salt/salt/scripts/bootstrap-salt.sh @@ -3082,7 +3082,11 @@ install_ubuntu_git_deps() { __PACKAGES="${__PACKAGES} python3-setuptools" else # There is no m2crypto package for Py3 at this time - only install for Py2 + if [ $DISTRO_CODENAME == "focal" ]; then + __PACKAGES="${__PACKAGES} python3-m2crypto" + else __PACKAGES="${__PACKAGES} python-m2crypto" + fi fi __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" diff --git a/salt/sensoroni/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json index 1a6e6fc8c..743021a7d 100644 --- a/salt/sensoroni/files/sensoroni.json +++ b/salt/sensoroni/files/sensoroni.json @@ -17,7 +17,7 @@ "agent": { "nodeId": "{{ grains.host | lower }}", "role": "{{ grains.role }}", - "description": "{{ DESCRIPTION }}", + "description": {{ DESCRIPTION | tojson }}, "address": "{{ ADDRESS }}", "model": "{{ MODEL }}", "pollIntervalMs": {{ CHECKININTERVALMS if CHECKININTERVALMS else 10000 }}, diff --git a/salt/sensoroni/init.sls b/salt/sensoroni/init.sls index a55049c06..1405c72bf 100644 --- a/salt/sensoroni/init.sls +++ b/salt/sensoroni/init.sls @@ -38,8 +38,10 @@ so-sensoroni: - /opt/so/log/sensoroni:/opt/sensoroni/logs:rw - watch: - file: /opt/so/conf/sensoroni/sensoroni.json + - require: + - file: sensoroniagentconf append_so-sensoroni_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - - text: so-sensoroni \ No newline at end of file + - text: so-sensoroni diff --git a/salt/soc/files/soc/custom_roles b/salt/soc/files/soc/custom_roles new file mode 100644 index 000000000..b95b94da4 --- /dev/null +++ b/salt/soc/files/soc/custom_roles @@ -0,0 +1,23 @@ +# Define custom business role mappings, or remove mappings that come with +# the default SOC deployment. +# +# IMPORTANT: This file should be copied from the salt/default tree into +# the salt/local tree (preserving the same directory structure). +# Failure to do this will result in the customizations being +# overwritten on future upgrades. +# +# Syntax => prebuiltRoleX: customRoleY: op +# Explanation => roleY and roleZ are adjusted permissions of roleX, op is: +# + add the new permissions/role mappings (default) +# - remove existing "explicit" prebuilt permissions. This +# does not work with implictly inherited permissions. +# +# In the example below, we will define two new roles for segregating +# analysts into two regions. Then we will remove the ability for all +# analysts to see the roles of other analysts. (Seperately we will need to +# define these two new roles in Elasticsearch so that each analyst region +# can only see data from their specific region's indices, but that is out +# of scope from this file.) +# +# analyst: westcoast_analyst, eastcoast_analyst +# roles/read: user-monitor:- \ No newline at end of file diff --git a/salt/soc/files/soc/hunt.eventfields.json b/salt/soc/files/soc/hunt.eventfields.json index e8af03a5c..7964a360b 100644 --- a/salt/soc/files/soc/hunt.eventfields.json +++ b/salt/soc/files/soc/hunt.eventfields.json @@ -30,7 +30,7 @@ "::software": ["soc_timestamp", "source.ip", "software.name", "software.type" ], "::ssh": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "ssh.version", "ssh.hassh_version", "ssh.direction", "ssh.client", "ssh.server", "log.id.uid" ], "::ssl": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "ssl.server_name", "ssl.certificate.subject", "ssl.validation_status", "ssl.version", "log.id.uid" ], - "::syslog": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "syslog.facility", "network.protocol", "syslog.severity", "log.id.uid" ], + ":zeek:syslog": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "syslog.facility", "network.protocol", "syslog.severity", "log.id.uid" ], "::tunnels": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "tunnel_type", "action", "log.id.uid" ], "::weird": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "weird.name", "log.id.uid" ], "::x509": ["soc_timestamp", "x509.certificate.subject", "x509.certificate.key.type", "x509.certificate.key.length", "x509.certificate.issuer", "log.id.fuid" ], @@ -40,5 +40,13 @@ ":strelka:file": ["soc_timestamp", "file.name", "file.size", "hash.md5", "file.source", "file.mime_type", "log.id.fuid" ], ":suricata:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "rule.name", "rule.category", "event.severity_label", "log.id.uid", "network.community_id" ], ":sysmon:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "source.hostname", "event.dataset", "process.executable", "user.name" ], - ":windows_eventlog:": ["soc_timestamp", "user.name" ] + ":windows_eventlog:": ["soc_timestamp", "user.name" ], + ":elasticsearch:": ["soc_timestamp", "agent.name", "message", "log.level", "metadata.version", "metadata.pipeline", "event.dataset" ], + ":kibana:": ["soc_timestamp", "host.name", "message", "kibana.log.meta.req.headers.x-real-ip", "event.dataset" ], + "::rootcheck": ["soc_timestamp", "host.name", "metadata.ip_address", "log.full", "event.dataset", "event.module" ], + "::ossec": ["soc_timestamp", "host.name", "metadata.ip_address", "log.full", "event.dataset", "event.module" ], + "::syscollector": ["soc_timestamp", "host.name", "metadata.ip_address", "wazuh.data.type", "log.full", "event.dataset", "event.module" ], + ":syslog:syslog": ["soc_timestamp", "host.name", "metadata.ip_address", "real_message", "syslog.priority", "syslog.application" ], + ":aws:": ["soc_timestamp", "aws.cloudtrail.event_category", "aws.cloudtrail.event_type", "event.provider", "event.action", "event.outcome", "cloud.region", "user.name", "source.ip", "source.geo.region_iso_code" ], + ":squid:": ["soc_timestamp", "url.original", "destination.ip", "destination.geo.country_iso_code", "user.name", "source.ip" ] } diff --git a/salt/soc/files/soc/menu.actions.json b/salt/soc/files/soc/menu.actions.json index 665ca4c39..5d3c16156 100644 --- a/salt/soc/files/soc/menu.actions.json +++ b/salt/soc/files/soc/menu.actions.json @@ -1,3 +1,4 @@ +{%- set ENDGAMEHOST = salt['pillar.get']('soc:endgamehost', False) %} [ { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", "links": [ @@ -29,5 +30,11 @@ { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank", "links": [ "https://www.virustotal.com/gui/search/{value}" - ]} + ]} + {%- if ENDGAMEHOST %} + ,{ "name": "Endgame", "description": "Endgame Endpoint Investigation and Response", "icon": "fa-external-link-alt", "target": "_blank", + "links": [ + "https://{{ ENDGAMEHOST }}/endpoints/{:agent.id}" + ]} + {% endif %} ] diff --git a/salt/soc/files/soc/motd.md b/salt/soc/files/soc/motd.md index ab9d6b843..fd95b089d 100644 --- a/salt/soc/files/soc/motd.md +++ b/salt/soc/files/soc/motd.md @@ -6,7 +6,7 @@ If you're ready to dive-in, take a look at the [Alerts](/#/alerts) interface to ## What's New -The release notes have moved to the upper-right menu. Click on the [What's New](/docs/#document-release-notes) menu option to find all the latest fixes and features in this version of Security Onion! +The release notes have moved to the upper-right menu. Click on the [What's New](/docs/#release-notes) menu option to find all the latest fixes and features in this version of Security Onion! ## Customize This Space diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 36135b6e5..02128fd3c 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -3,7 +3,8 @@ {%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %} {%- set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %} {%- set THEHIVE = salt['pillar.get']('manager:thehive', '0') %} -{%- set OSQUERY = salt['pillar.get']('manager:osquery', '0') %} +{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} +{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} {%- set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} {%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {%- set API_TIMEOUT = salt['pillar.get']('sensoroni:api_timeout_ms', 0) %} @@ -25,7 +26,7 @@ {%- set ES_USER = '' %} {%- set ES_PASS = '' %} {%- endif %} - +{%- set ES_INDEX_PATTERNS = salt['pillar.get']('soc:es_index_patterns', '*:so-*') %} { "logFilename": "/opt/sensoroni/logs/sensoroni-server.log", "server": { @@ -56,6 +57,7 @@ {%- endif %} "username": "{{ ES_USER }}", "password": "{{ ES_PASS }}", + "index": "{{ ES_INDEX_PATTERNS }}", "cacheMs": {{ ES_FIELDCAPS_CACHE }}, "verifyCert": false, "timeoutMs": {{ API_TIMEOUT }} @@ -85,15 +87,27 @@ "statickeyauth": { "anonymousCidr": "{{ DNET }}/24", "apiKey": "{{ SENSORONIKEY }}" + }, + "staticrbac": { + "roleFiles": [ + "rbac/permissions", + "rbac/roles", + "rbac/custom_roles" + ], + "userFiles": [ + "rbac/users_roles" + ] } }, "client": { {%- if ISAIRGAP is sameas true %} "docsUrl": "/docs/", "cheatsheetUrl": "/docs/cheatsheet.pdf", + "releaseNotesUrl": "/docs/#release-notes", {%- else %} "docsUrl": "https://docs.securityonion.net/en/2.3/", "cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf", + "releaseNotesUrl": "https://docs.securityonion.net/en/2.3/release-notes", {%- endif %} "apiTimeoutMs": {{ API_TIMEOUT }}, "webSocketTimeoutMs": {{ WEBSOCKET_TIMEOUT }}, @@ -106,7 +120,7 @@ {%- if THEHIVE == 0 %} "toolTheHive", {%- endif %} - {%- if OSQUERY == 0 %} + {%- if not FLEETMANAGER and not FLEETNODE %} "toolFleet", {%- endif %} {%- if GRAFANA == 0 %} diff --git a/salt/soc/init.sls b/salt/soc/init.sls index b8cdb09ba..856f929bd 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -26,6 +26,15 @@ soclogdir: - group: 939 - makedirs: True +socactions: + file.managed: + - name: /opt/so/conf/soc/menu.actions.json + - source: salt://soc/files/soc/menu.actions.json + - user: 939 + - group: 939 + - mode: 600 + - template: jinja + socconfig: file.managed: - name: /opt/so/conf/soc/soc.json @@ -34,6 +43,7 @@ socconfig: - group: 939 - mode: 600 - template: jinja + - show_changes: False socmotd: file.managed: @@ -62,6 +72,19 @@ soccustom: - mode: 600 - template: jinja +soccustomroles: + file.managed: + - name: /opt/so/conf/soc/custom_roles + - source: salt://soc/files/soc/custom_roles + - user: 939 + - group: 939 + - mode: 600 + - template: jinja + +socusersroles: + file.exists: + - name: /opt/so/conf/soc/soc_users_roles + # we dont want this added too early in setup, so we add the onlyif to verify 'startup_states: highstate' # is in the minion config. That line is added before the final highstate during setup sosyncusers: @@ -77,11 +100,13 @@ so-soc: - name: so-soc - binds: - /nsm/soc/jobs:/opt/sensoroni/jobs:rw + - /opt/so/log/soc/:/opt/sensoroni/logs/:rw - /opt/so/conf/soc/soc.json:/opt/sensoroni/sensoroni.json:ro - /opt/so/conf/soc/motd.md:/opt/sensoroni/html/motd.md:ro - /opt/so/conf/soc/banner.md:/opt/sensoroni/html/login/banner.md:ro - /opt/so/conf/soc/custom.js:/opt/sensoroni/html/js/custom.js:ro - - /opt/so/log/soc/:/opt/sensoroni/logs/:rw + - /opt/so/conf/soc/custom_roles:/opt/sensoroni/rbac/custom_roles:ro + - /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw {%- if salt['pillar.get']('nodestab', {}) %} - extra_hosts: {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} @@ -92,69 +117,21 @@ so-soc: - 0.0.0.0:9822:9822 - watch: - file: /opt/so/conf/soc/* + - require: + - file: socdatadir + - file: soclogdir + - file: socconfig + - file: socmotd + - file: socbanner + - file: soccustom + - file: soccustomroles + - file: socusersroles append_so-soc_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - text: so-soc -# Add Kratos Group -kratosgroup: - group.present: - - name: kratos - - gid: 928 - -# Add Kratos user -kratos: - user.present: - - uid: 928 - - gid: 928 - - home: /opt/so/conf/kratos - -kratosdir: - file.directory: - - name: /opt/so/conf/kratos/db - - user: 928 - - group: 928 - - makedirs: True - -kratoslogdir: - file.directory: - - name: /opt/so/log/kratos - - user: 928 - - group: 928 - - makedirs: True - -kratossync: - file.recurse: - - name: /opt/so/conf/kratos - - source: salt://soc/files/kratos - - user: 928 - - group: 928 - - file_mode: 600 - - template: jinja - -so-kratos: - docker_container.running: - - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kratos:{{ VERSION }} - - hostname: kratos - - name: so-kratos - - binds: - - /opt/so/conf/kratos/schema.json:/kratos-conf/schema.json:ro - - /opt/so/conf/kratos/kratos.yaml:/kratos-conf/kratos.yaml:ro - - /opt/so/log/kratos/:/kratos-log:rw - - /opt/so/conf/kratos/db:/kratos-data:rw - - port_bindings: - - 0.0.0.0:4433:4433 - - 0.0.0.0:4434:4434 - - watch: - - file: /opt/so/conf/kratos - -append_so-kratos_so-status.conf: - file.append: - - name: /opt/so/conf/so-status/so-status.conf - - text: so-kratos - {% else %} {{sls}}_state_not_allowed: diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls index c2c8dc1ac..576cc573d 100644 --- a/salt/soctopus/init.sls +++ b/salt/soctopus/init.sls @@ -8,9 +8,12 @@ {% set MANAGER_IP = salt['pillar.get']('global:managerip', '') %} {% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} +include: + - nginx + soctopusdir: file.directory: - - name: /opt/so/conf/soctopus + - name: /opt/so/conf/soctopus/sigma-import - user: 939 - group: 939 - makedirs: True @@ -63,6 +66,7 @@ so-soctopus: - /opt/so/log/soctopus/:/var/log/SOCtopus/:rw - /opt/so/rules/elastalert/playbook:/etc/playbook-rules:rw - /opt/so/conf/navigator/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw + - /opt/so/conf/soctopus/sigma-import/:/SOCtopus/sigma-import/:rw {% if ISAIRGAP is sameas true %} - /nsm/repo/rules/sigma:/soctopus/sigma {% endif %} @@ -70,6 +74,9 @@ so-soctopus: - 0.0.0.0:7000:7000 - extra_hosts: - {{MANAGER_URL}}:{{MANAGER_IP}} + - require: + - file: soctopusconf + - file: navigatordefaultlayer append_so-soctopus_so-status.conf: file.append: @@ -82,4 +89,4 @@ append_so-soctopus_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 5786437f6..a71a79662 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -9,6 +9,11 @@ {% set MAININT = salt['pillar.get']('host:mainint') %} {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %} +{% if grains.role in ['so-heavynode'] %} + {% set COMMONNAME = salt['grains.get']('host') %} +{% else %} + {% set COMMONNAME = manager %} +{% endif %} {% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import', 'helixsensor'] %} {% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %} @@ -25,6 +30,9 @@ {% set ca_server = global_ca_server[0] %} {% endif %} +include: + - ca + # Trust the CA trusttheca: x509.pem_managed: @@ -37,7 +45,11 @@ m2cryptopkgs: pkg.installed: - skip_suggestions: False - pkgs: + {% if grains['oscodename'] == 'bionic' %} - python-m2crypto + {% elif grains['oscodename'] == 'focal' %} + - python3-m2crypto + {% endif %} {% endif %} removefbcertdir: @@ -55,8 +67,9 @@ removeesp12dir: - name: /etc/pki/elasticsearch.p12 - onlyif: "[ -d /etc/pki/elasticsearch.p12 ]" -/etc/pki/influxdb.key: +influxdb_key: x509.private_key_managed: + - name: /etc/pki/influxdb.key - CN: {{ manager }} - bits: 4096 - days_remaining: 0 @@ -73,20 +86,23 @@ removeesp12dir: interval: 30 # Create a cert for the talking to influxdb -/etc/pki/influxdb.crt: +influxdb_crt: x509.certificate_managed: + - name: /etc/pki/influxdb.crt - ca_server: {{ ca_server }} - signing_policy: influxdb - public_key: /etc/pki/influxdb.key - CN: {{ manager }} - - subjectAltName: DNS:{{ HOSTNAME }} + - subjectAltName: DNS:{{ manager }}, IP:{{ managerip }} - days_remaining: 0 - days_valid: 820 - backup: True +{% if grains.role not in ['so-heavynode'] %} - unless: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/influxdb.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' +{% endif %} - timeout: 30 - retry: attempts: 5 @@ -101,9 +117,10 @@ influxkeyperms: {% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet'] %} # Create a cert for Redis encryption -/etc/pki/redis.key: +redis_key: x509.private_key_managed: - - CN: {{ manager }} + - name: /etc/pki/redis.key + - CN: {{ COMMONNAME }} - bits: 4096 - days_remaining: 0 - days_valid: 820 @@ -118,19 +135,22 @@ influxkeyperms: attempts: 5 interval: 30 -/etc/pki/redis.crt: +redis_crt: x509.certificate_managed: + - name: /etc/pki/redis.crt - ca_server: {{ ca_server }} - signing_policy: registry - public_key: /etc/pki/redis.key - - CN: {{ manager }} + - CN: {{ COMMONNAME }} - days_remaining: 0 - days_valid: 820 - backup: True +{% if grains.role not in ['so-heavynode'] %} - unless: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/redis.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' +{% endif %} - timeout: 30 - retry: attempts: 5 @@ -145,9 +165,10 @@ rediskeyperms: {% endif %} {% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode'] %} -/etc/pki/filebeat.key: +etc_filebeat_key: x509.private_key_managed: - - CN: {{ manager }} + - name: /etc/pki/filebeat.key + - CN: {{ COMMONNAME }} - bits: 4096 - days_remaining: 0 - days_valid: 820 @@ -155,7 +176,7 @@ rediskeyperms: - new: True {% if salt['file.file_exists']('/etc/pki/filebeat.key') -%} - prereq: - - x509: /etc/pki/filebeat.crt + - x509: etc_filebeat_crt {%- endif %} - timeout: 30 - retry: @@ -163,23 +184,22 @@ rediskeyperms: interval: 30 # Request a cert and drop it where it needs to go to be distributed -/etc/pki/filebeat.crt: +etc_filebeat_crt: x509.certificate_managed: + - name: /etc/pki/filebeat.crt - ca_server: {{ ca_server }} - signing_policy: filebeat - public_key: /etc/pki/filebeat.key -{% if grains.role == 'so-heavynode' %} - - CN: {{grains.host}} -{% else %} - - CN: {{manager}} -{% endif %} + - CN: {{ COMMONNAME }} - days_remaining: 0 - days_valid: 820 - backup: True +{% if grains.role not in ['so-heavynode'] %} - unless: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' +{% endif %} - timeout: 30 - retry: attempts: 5 @@ -187,7 +207,7 @@ rediskeyperms: cmd.run: - name: "/usr/bin/openssl pkcs8 -in /etc/pki/filebeat.key -topk8 -out /etc/pki/filebeat.p8 -nocrypt" - onchanges: - - x509: /etc/pki/filebeat.key + - x509: etc_filebeat_key fbperms: @@ -226,8 +246,9 @@ fbcrtlink: - user: socore - group: socore -/etc/pki/registry.key: +registry_key: x509.private_key_managed: + - name: /etc/pki/registry.key - CN: {{ manager }} - bits: 4096 - days_remaining: 0 @@ -244,9 +265,11 @@ fbcrtlink: interval: 30 # Create a cert for the docker registry -/etc/pki/registry.crt: +registry_crt: x509.certificate_managed: + - name: /etc/pki/registry.crt - ca_server: {{ ca_server }} + - subjectAltName: DNS:{{ manager }}, IP:{{ managerip }} - signing_policy: registry - public_key: /etc/pki/registry.key - CN: {{ manager }} @@ -269,8 +292,9 @@ regkeyperms: - mode: 640 - group: 939 -/etc/pki/minio.key: +minio_key: x509.private_key_managed: + - name: /etc/pki/minio.key - CN: {{ manager }} - bits: 4096 - days_remaining: 0 @@ -287,8 +311,9 @@ regkeyperms: interval: 30 # Create a cert for minio -/etc/pki/minio.crt: +minio_crt: x509.certificate_managed: + - name: /etc/pki/minio.crt - ca_server: {{ ca_server }} - signing_policy: registry - public_key: /etc/pki/minio.key @@ -315,7 +340,7 @@ miniokeyperms: # Create a cert for elasticsearch /etc/pki/elasticsearch.key: x509.private_key_managed: - - CN: {{ manager }} + - CN: {{ COMMONNAME }} - bits: 4096 - days_remaining: 0 - days_valid: 820 @@ -335,14 +360,16 @@ miniokeyperms: - ca_server: {{ ca_server }} - signing_policy: registry - public_key: /etc/pki/elasticsearch.key - - CN: {{ manager }} + - CN: {{ COMMONNAME }} - days_remaining: 0 - days_valid: 820 - backup: True +{% if grains.role not in ['so-heavynode'] %} - unless: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' +{% endif %} - timeout: 30 - retry: attempts: 5 @@ -366,8 +393,9 @@ elasticp12perms: - mode: 640 - group: 930 -/etc/pki/managerssl.key: +managerssl_key: x509.private_key_managed: + - name: /etc/pki/managerssl.key - CN: {{ manager }} - bits: 4096 - days_remaining: 0 @@ -384,8 +412,9 @@ elasticp12perms: interval: 30 # Create a cert for the reverse proxy -/etc/pki/managerssl.crt: +managerssl_crt: x509.certificate_managed: + - name: /etc/pki/managerssl.crt - ca_server: {{ ca_server }} - signing_policy: managerssl - public_key: /etc/pki/managerssl.key @@ -411,8 +440,9 @@ msslkeyperms: - group: 939 # Create a private key and cert for OSQuery -/etc/pki/fleet.key: +fleet_key: x509.private_key_managed: + - name: /etc/pki/fleet.key - CN: {{ manager }} - bits: 4096 - days_remaining: 0 @@ -428,11 +458,12 @@ msslkeyperms: attempts: 5 interval: 30 -/etc/pki/fleet.crt: +fleet_crt: x509.certificate_managed: + - name: /etc/pki/fleet.crt - signing_private_key: /etc/pki/fleet.key - CN: {{ manager }} - - subjectAltName: DNS:{{ manager }},IP:{{ managerip }} + - subjectAltName: DNS:{{ manager }},IP:{{ managerip }}{% if CUSTOM_FLEET_HOSTNAME != None %},DNS:{{ CUSTOM_FLEET_HOSTNAME }}{% endif %} - days_remaining: 0 - days_valid: 820 - backup: True @@ -460,9 +491,10 @@ fbcertdir: - name: /opt/so/conf/filebeat/etc/pki - makedirs: True -/opt/so/conf/filebeat/etc/pki/filebeat.key: +conf_filebeat_key: x509.private_key_managed: - - CN: {{ manager }} + - name: /opt/so/conf/filebeat/etc/pki/filebeat.key + - CN: {{ COMMONNAME }} - bits: 4096 - days_remaining: 0 - days_valid: 820 @@ -470,7 +502,7 @@ fbcertdir: - new: True {% if salt['file.file_exists']('/opt/so/conf/filebeat/etc/pki/filebeat.key') -%} - prereq: - - x509: /opt/so/conf/filebeat/etc/pki/filebeat.crt + - x509: conf_filebeat_crt {%- endif %} - timeout: 30 - retry: @@ -478,23 +510,22 @@ fbcertdir: interval: 30 # Request a cert and drop it where it needs to go to be distributed -/opt/so/conf/filebeat/etc/pki/filebeat.crt: +conf_filebeat_crt: x509.certificate_managed: + - name: /opt/so/conf/filebeat/etc/pki/filebeat.crt - ca_server: {{ ca_server }} - signing_policy: filebeat - public_key: /opt/so/conf/filebeat/etc/pki/filebeat.key -{% if grains.role == 'so-heavynode' %} - - CN: {{grains.id}} -{% else %} - - CN: {{manager}} -{% endif %} + - CN: {{ COMMONNAME }} - days_remaining: 0 - days_valid: 820 - backup: True +{% if grains.role not in ['so-heavynode'] %} - unless: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /opt/so/conf/filebeat/etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' +{% endif %} - timeout: 30 - retry: attempts: 5 @@ -505,7 +536,7 @@ filebeatpkcs: cmd.run: - name: "/usr/bin/openssl pkcs8 -in /opt/so/conf/filebeat/etc/pki/filebeat.key -topk8 -out /opt/so/conf/filebeat/etc/pki/filebeat.p8 -passout pass:" - onchanges: - - x509: /opt/so/conf/filebeat/etc/pki/filebeat.key + - x509: conf_filebeat_key filebeatkeyperms: file.managed: @@ -526,8 +557,9 @@ chownfilebeatp8: {% if grains['role'] == 'so-fleet' %} -/etc/pki/managerssl.key: +managerssl_key: x509.private_key_managed: + - name: /etc/pki/managerssl.key - CN: {{ manager }} - bits: 4096 - days_remaining: 0 @@ -544,8 +576,9 @@ chownfilebeatp8: interval: 30 # Create a cert for the reverse proxy -/etc/pki/managerssl.crt: +managerssl_crt: x509.certificate_managed: + - name: /etc/pki/managerssl.crt - ca_server: {{ ca_server }} - signing_policy: managerssl - public_key: /etc/pki/managerssl.key @@ -571,8 +604,9 @@ msslkeyperms: - group: 939 # Create a private key and cert for Fleet -/etc/pki/fleet.key: +fleet_key: x509.private_key_managed: + - name: /etc/pki/fleet.key - CN: {{ manager }} - bits: 4096 - days_remaining: 0 @@ -588,8 +622,9 @@ msslkeyperms: attempts: 5 interval: 30 -/etc/pki/fleet.crt: +fleet_crt: x509.certificate_managed: + - name: /etc/pki/fleet.crt - signing_private_key: /etc/pki/fleet.key - CN: {{ HOSTNAME }} - subjectAltName: DNS:{{ HOSTNAME }}, IP:{{ MAINIP }} {% if CUSTOM_FLEET_HOSTNAME != None %},DNS:{{ CUSTOM_FLEET_HOSTNAME }} {% endif %} @@ -677,4 +712,4 @@ elastickeyperms: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/strelka/defaults.yaml b/salt/strelka/defaults.yaml new file mode 100644 index 000000000..2a3805283 --- /dev/null +++ b/salt/strelka/defaults.yaml @@ -0,0 +1,9 @@ +strelka: + ignore: + - generic_anomalies.yar + - general_cloaking.yar + - thor_inverse_matches.yar + - yara_mixed_ext_vars.yar + - gen_susp_js_obfuscatorio.yar + - apt_flame2_orchestrator.yar + - apt_tetris.yar diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index d90484fed..d66b2bef2 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -21,6 +21,8 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %} {% set ENGINE = salt['pillar.get']('global:mdengine', '') %} +{% import_yaml 'strelka/defaults.yaml' as strelka_config with context %} +{% set IGNORELIST = salt['pillar.get']('strelka:ignore', strelka_config.strelka.ignore, merge=True, merge_nested_lists=True) %} # Strelka config strelkaconfdir: @@ -54,6 +56,17 @@ strelkarules: - source: salt://strelka/rules - user: 939 - group: 939 + - clean: True + - exclude_pat: + {% for IGNOREDRULE in IGNORELIST %} + - {{ IGNOREDRULE }} + {% endfor %} + + {% for IGNOREDRULE in IGNORELIST %} +remove_rule_{{ IGNOREDRULE }}: + file.absent: + - name: /opt/so/conf/strelka/rules/signature-base/{{ IGNOREDRULE }} + {% endfor %} {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %} strelkarepos: diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 4cbda4bb4..f83f54c5c 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -15,6 +15,8 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states and grains.role not in ['so-manager', 'so-managersearch'] %} +{% from "suricata/map.jinja" import SURICATAOPTIONS with context %} + {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -91,7 +93,7 @@ surilogscript: - month: '*' - dayweek: '*' -suriconfigsync: +suriconfig: file.managed: - name: /opt/so/conf/suricata/suricata.yaml - source: salt://suricata/files/suricata.yaml.jinja @@ -136,9 +138,10 @@ suribpf: {% endif %} so-suricata: - docker_container.running: + docker_container.{{ SURICATAOPTIONS.status }}: + {% if SURICATAOPTIONS.status == 'running' %} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-suricata:{{ VERSION }} - - start: {{ START }} + - start: {{ SURICATAOPTIONS.start }} - privileged: True - environment: - INTERFACE={{ interface }} @@ -152,10 +155,18 @@ so-suricata: - /opt/so/conf/suricata/bpf:/etc/suricata/bpf:ro - network_mode: host - watch: - - file: /opt/so/conf/suricata/suricata.yaml + - file: suriconfig - file: surithresholding - file: /opt/so/conf/suricata/rules/ - file: /opt/so/conf/suricata/bpf + - require: + - file: suriconfig + - file: surithresholding + - file: suribpf + + {% else %} {# if Suricata isn't enabled, then stop and remove the container #} + - force: True + {% endif %} append_so-suricata_so-status.conf: file.append: @@ -163,12 +174,17 @@ append_so-suricata_so-status.conf: - text: so-suricata - unless: grep -q so-suricata /opt/so/conf/so-status/so-status.conf -{% if grains.role == 'so-import' %} -disable_so-suricata_so-status.conf: + {% if not SURICATAOPTIONS.start %} +so-suricata_so-status.disabled: file.comment: - name: /opt/so/conf/so-status/so-status.conf - regex: ^so-suricata$ -{% endif %} + {% else %} +delete_so-suricata_so-status.disabled: + file.uncomment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-suricata$ + {% endif %} /usr/local/bin/surirotate: cron.absent: diff --git a/salt/suricata/map.jinja b/salt/suricata/map.jinja index ad4d70e80..2ffd5ad08 100644 --- a/salt/suricata/map.jinja +++ b/salt/suricata/map.jinja @@ -1,6 +1,15 @@ -# don't start the docker container if it is an import node -{% if grains.id.split('_')|last == 'import' %} - {% set START = False %} +{% set SURICATAOPTIONS = {} %} +{% set ENABLED = salt['pillar.get']('suricata:enabled', 'True') %} + +# don't start the docker container if it is an import node or disabled via pillar +{% if grains.id.split('_')|last == 'import' or ENABLED is sameas false %} + {% do SURICATAOPTIONS.update({'start': False}) %} {% else %} - {% set START = True %} + {% do SURICATAOPTIONS.update({'start': True}) %} +{% endif %} + +{% if ENABLED is sameas false %} + {% do SURICATAOPTIONS.update({'status': 'absent'}) %} +{% else %} + {% do SURICATAOPTIONS.update({'status': 'running'}) %} {% endif %} \ No newline at end of file diff --git a/salt/suricata/suricata_meta.yaml b/salt/suricata/suricata_meta.yaml index 90b220000..1c3855501 100644 --- a/salt/suricata/suricata_meta.yaml +++ b/salt/suricata/suricata_meta.yaml @@ -7,7 +7,7 @@ suricata: dir: /nsm/extracted #write-fileinfo: "yes" #force-filestore: "yes" - #stream-depth: 0 + stream-depth: 0 #max-open-files: 1000 #force-hash: [sha1, md5] xff: diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index 44e78ecda..8b37632ce 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf @@ -16,10 +16,13 @@ {%- set MANAGER = salt['grains.get']('master') %} {%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} {%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} -{% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %} -{% set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %} -{% set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %} +{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %} +{%- set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %} +{%- set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %} {%- set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} +{%- set ZEEK_ENABLED = salt['pillar.get']('zeek:enabled', True) %} +{%- set MDENGINE = salt['pillar.get']('global:mdengine', 'ZEEK') %} + # Global tags can be specified here in key="value" format. [global_tags] @@ -27,6 +30,8 @@ # rack = "1a" ## Environment variables can be used as tags, and throughout the config file # user = "$USER" + role = "{{ grains.id.split('_') | last }}" + {% if grains['role'] == 'so-helix' %} meta_cbid = "{{ UNIQUEID }}" @@ -619,23 +624,26 @@ # # Read stats from one or more Elasticsearch servers or clusters -{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %} - [[inputs.elasticsearch]] - servers = ["https://{{ MANAGER }}:9200"] -{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} - username = "{{ ES_USER }}" - password = "{{ ES_PASS }}" -{% endif %} - insecure_skip_verify = true -{% elif grains['role'] in ['so-node', 'so-hotnode', 'so-warmnode', 'so-heavynode'] %} - [[inputs.elasticsearch]] - servers = ["https://{{ NODEIP }}:9200"] - username = "{{ ES_USER }}" - password = "{{ ES_PASS }}" - insecure_skip_verify = true -{% endif %} +{%- if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %} +[[inputs.elasticsearch]] + servers = ["https://{{ MANAGER }}:9200"] + cluster_stats = true +{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + username = "{{ ES_USER }}" + password = "{{ ES_PASS }}" +{%- endif %} + insecure_skip_verify = true +{%- elif grains['role'] in ['so-node', 'so-hotnode', 'so-warmnode', 'so-heavynode'] %} +[[inputs.elasticsearch]] + servers = ["https://{{ NODEIP }}:9200"] + cluster_stats = true +{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + username = "{{ ES_USER }}" + password = "{{ ES_PASS }}" +{%- endif %} + insecure_skip_verify = true +{%- endif %} -# # ## Timeout for HTTP requests to the elastic search server(s) # http_timeout = "5s" # @@ -669,9 +677,32 @@ # ## Use TLS but skip chain & host verification # # insecure_skip_verify = false +{% if grains.role in ['so-node','so-standalone','so-manager', 'so-managersearch', 'so-heavynode'] -%} +[[inputs.logstash]] + url = "http://localhost:9600" + collect = ["pipelines"] +{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + username = "{{ salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user') }}" + password = "{{ salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass') }}" +{%- endif %} +{%- endif %} + +{# if grains.role in ['so-eval','so-standalone','so-manager', 'so-managersearch', 'so-heavynode'] -%} +[[inputs.redis]] + servers = ["tcp://localhost:6379"] +{%- endif #} + +{%- if grains.role in ['so-node', 'so-sensor', 'so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %} +[[inputs.beat]] + url = "http://127.0.0.1:5066" + include = ["filebeat", "libbeat"] +{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + username = "{{ salt['pillar.get']('elasticsearch:auth:users:so_beats_user:user') }}" + password = "{{ salt['pillar.get']('elasticsearch:auth:users:so_beats_user:pass') }}" +{%- endif %} +{%- endif %} # # Read metrics from one or more commands that can output to stdout - [[inputs.exec]] commands = [ "/scripts/sostatus.sh" @@ -680,7 +711,6 @@ timeout = "15s" interval = "60s" - # ## Commands array {% if grains['role'] in ['so-manager'] %} [[inputs.exec]] @@ -721,10 +751,10 @@ "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", - {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %} + {%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %} "/scripts/zeekloss.sh", "/scripts/zeekcaptureloss.sh", - {% endif %} + {%- endif %} "/scripts/oldpcap.sh", "/scripts/raid.sh", "/scripts/beatseps.sh" @@ -734,13 +764,14 @@ {% elif grains['role'] == 'so-heavynode' %} [[inputs.exec]] commands = [ + "/scripts/redis.sh", "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", - {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %} + {%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %} "/scripts/zeekloss.sh", "/scripts/zeekcaptureloss.sh", - {% endif %} + {%- endif %} "/scripts/oldpcap.sh", "/scripts/eps.sh", "/scripts/raid.sh", @@ -756,10 +787,10 @@ "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", - {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %} + {%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %} "/scripts/zeekloss.sh", "/scripts/zeekcaptureloss.sh", - {% endif %} + {%- endif %} "/scripts/oldpcap.sh", "/scripts/eps.sh", "/scripts/raid.sh", @@ -774,10 +805,10 @@ "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", - {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %} + {%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %} "/scripts/zeekloss.sh", "/scripts/zeekcaptureloss.sh", - {% endif %} + {%- endif %} "/scripts/oldpcap.sh", "/scripts/influxdbsize.sh", "/scripts/raid.sh", @@ -791,10 +822,10 @@ "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", - {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %} + {%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %} "/scripts/zeekloss.sh", "/scripts/zeekcaptureloss.sh", - {% endif %} + {%- endif %} "/scripts/oldpcap.sh", "/scripts/helixeps.sh" ] @@ -832,12 +863,18 @@ # ## more about them here: # ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md # data_format = "influx" -{% if salt['pillar.get']('healthcheck:enabled', 'False') %} +{%- if salt['pillar.get']('healthcheck:enabled', False) %} [[inputs.file]] files = ["/host/nsm/zeek/logs/zeek_restart.log"] data_format = "influx" -{% endif %} - +{%- endif %} +[[inputs.file]] + files = ["/etc/telegraf/node_config.json"] + name_override = "node_config" + data_format = "json" + interval = "5m" + json_string_fields = ['manint', 'monint'] + tag_keys = ['role'] # # Count files in a directory # [[inputs.filecount]] diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index 14373fe9d..600d7ddf7 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -5,6 +5,9 @@ {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} +include: + - ssl + # Add Telegraf to monitor all the things. tgraflogdir: file.directory: @@ -41,6 +44,15 @@ tgrafconf: - mode: 660 - template: jinja - source: salt://telegraf/etc/telegraf.conf + - show_changes: False + +#this file will be read by telegraf to send node details(management interface, monitor interface, etc) +# into influx so that grafan can build dashboards using queries +node_config: + file.managed: + - name: /opt/so/conf/telegraf/node_config.json + - source: salt://telegraf/node_config.json.jinja + - template: jinja so-telegraf: docker_container.running: @@ -56,6 +68,7 @@ so-telegraf: - binds: - /opt/so/log/telegraf:/var/log/telegraf:rw - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro + - /opt/so/conf/telegraf/node_config.json:/etc/telegraf/node_config.json:ro - /var/run/utmp:/var/run/utmp:ro - /var/run/docker.sock:/var/run/docker.sock:ro - /:/host/root:ro @@ -78,7 +91,17 @@ so-telegraf: - watch: - file: tgrafconf - file: tgrafsyncscripts - + - file: node_config + - require: + - file: tgrafconf + - file: node_config + {% if grains['role'] == 'so-manager' or grains['role'] == 'so-eval' or grains['role'] == 'so-managersearch' %} + - x509: pki_public_ca_crt + {% else %} + - x509: trusttheca + {% endif %} + - x509: influxdb_crt + - x509: influxdb_key append_so-telegraf_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf diff --git a/salt/telegraf/node_config.json.jinja b/salt/telegraf/node_config.json.jinja new file mode 100644 index 000000000..482590f2b --- /dev/null +++ b/salt/telegraf/node_config.json.jinja @@ -0,0 +1,6 @@ +{ +{%- if grains.role in ['so-standalone', 'so-eval', 'so-sensor', 'so-heavynode', ] %} + "monint": "{{ salt['pillar.get']('sensor:interface', '') }}", +{%- endif %} + "manint": "{{ salt['pillar.get']('host:mainint', '') }}" +} diff --git a/salt/telegraf/scripts/beatseps.sh b/salt/telegraf/scripts/beatseps.sh index 5e8256c22..5a1765620 100644 --- a/salt/telegraf/scripts/beatseps.sh +++ b/salt/telegraf/scripts/beatseps.sh @@ -15,9 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) - -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then PREVCOUNTFILE='/tmp/beatseps.txt' EVENTCOUNTCURRENT="$(curl -s localhost:5066/stats | jq '.libbeat.output.events.acked')" @@ -42,7 +41,6 @@ if [ ! "$THEGREP" ]; then echo "fbstats eps=${EVENTS%%.*},failed=$FAILEDEVENTCOUNT" fi -else - exit 0 fi +exit 0 diff --git a/salt/telegraf/scripts/checkfiles.sh b/salt/telegraf/scripts/checkfiles.sh index 5c6ab56c1..02510706a 100644 --- a/salt/telegraf/scripts/checkfiles.sh +++ b/salt/telegraf/scripts/checkfiles.sh @@ -15,13 +15,12 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) - -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then FILES=$(ls -1x /host/nsm/strelka/unprocessed | wc -l) - echo "faffiles files=$FILES" -else - exit 0 -fi \ No newline at end of file + +fi + +exit 0 diff --git a/salt/telegraf/scripts/eps.sh b/salt/telegraf/scripts/eps.sh index b497c2519..7181ff140 100644 --- a/salt/telegraf/scripts/eps.sh +++ b/salt/telegraf/scripts/eps.sh @@ -15,9 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) - -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then PREVCOUNTFILE='/tmp/eps.txt' EVENTCOUNTCURRENT="$(curl -s localhost:9600/_node/stats | jq '.events.in')" @@ -40,7 +39,7 @@ if [ ! "$THEGREP" ]; then echo "consumptioneps eps=${EVENTS%%.*}" fi -else - exit 0 + fi +exit 0 diff --git a/salt/telegraf/scripts/helixeps.sh b/salt/telegraf/scripts/helixeps.sh index 1411cc40b..f8201df2a 100644 --- a/salt/telegraf/scripts/helixeps.sh +++ b/salt/telegraf/scripts/helixeps.sh @@ -15,9 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) - -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then PREVCOUNTFILE='/tmp/helixevents.txt' EVENTCOUNTCURRENT="$(curl -s localhost:9600/_node/stats | jq '.pipelines.helix.events.out')" @@ -39,6 +38,7 @@ if [ ! "$THEGREP" ]; then echo "helixeps eps=${EVENTS%%.*}" fi -else - exit 0 -fi \ No newline at end of file + +fi + +exit 0 diff --git a/salt/telegraf/scripts/influxdbsize.sh b/salt/telegraf/scripts/influxdbsize.sh index 46e230a8a..9f9c6f315 100644 --- a/salt/telegraf/scripts/influxdbsize.sh +++ b/salt/telegraf/scripts/influxdbsize.sh @@ -15,13 +15,12 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) - -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then INFLUXSIZE=$(du -s -k /host/nsm/influxdb | awk {'print $1'}) - echo "influxsize kbytes=$INFLUXSIZE" -else - exit 0 -fi \ No newline at end of file + +fi + +exit 0 diff --git a/salt/telegraf/scripts/oldpcap.sh b/salt/telegraf/scripts/oldpcap.sh index f23c0c83f..947e978d1 100644 --- a/salt/telegraf/scripts/oldpcap.sh +++ b/salt/telegraf/scripts/oldpcap.sh @@ -15,9 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) - -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then # Get the data OLDPCAP=$(find /host/nsm/pcap -type f -exec stat -c'%n %Z' {} + | sort | grep -v "\." | head -n 1 | awk {'print $2'}) @@ -25,6 +24,7 @@ if [ ! "$THEGREP" ]; then AGE=$(($DATE - $OLDPCAP)) echo "pcapage seconds=$AGE" -else - exit 0 -fi \ No newline at end of file + +fi + +exit 0 diff --git a/salt/telegraf/scripts/raid.sh b/salt/telegraf/scripts/raid.sh index f237e8021..391e568d4 100644 --- a/salt/telegraf/scripts/raid.sh +++ b/salt/telegraf/scripts/raid.sh @@ -15,17 +15,18 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) -RAIDLOG=/var/log/raid/status.log -RAIDSTATUS=$(cat /var/log/raid/status.log) +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then -if [ ! "$THEGREP" ]; then + RAIDLOG=/var/log/raid/status.log + RAIDSTATUS=$(cat /var/log/raid/status.log) if [ -f "$RAIDLOG" ]; then echo "raid $RAIDSTATUS" else exit 0 fi -else - exit 0 + fi + +exit 0 diff --git a/salt/telegraf/scripts/redis.sh b/salt/telegraf/scripts/redis.sh index b448bba2d..d499ef44f 100644 --- a/salt/telegraf/scripts/redis.sh +++ b/salt/telegraf/scripts/redis.sh @@ -15,14 +15,14 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) - -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then UNPARSED=$(redis-cli llen logstash:unparsed | awk '{print $1}') PARSED=$(redis-cli llen logstash:parsed | awk '{print $1}') echo "redisqueue unparsed=$UNPARSED,parsed=$PARSED" -else - exit 0 + fi + +exit 0 diff --git a/salt/telegraf/scripts/sostatus.sh b/salt/telegraf/scripts/sostatus.sh index a7222b67d..4eef34c1c 100644 --- a/salt/telegraf/scripts/sostatus.sh +++ b/salt/telegraf/scripts/sostatus.sh @@ -14,9 +14,9 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then SOSTATUSLOG=/var/log/sostatus/status.log SOSTATUSSTATUS=$(cat /var/log/sostatus/status.log) @@ -26,6 +26,7 @@ if [ ! "$THEGREP" ]; then else exit 0 fi -else - exit 0 + fi + +exit 0 diff --git a/salt/telegraf/scripts/stenoloss.sh b/salt/telegraf/scripts/stenoloss.sh index 028637e16..20e860285 100644 --- a/salt/telegraf/scripts/stenoloss.sh +++ b/salt/telegraf/scripts/stenoloss.sh @@ -15,29 +15,33 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then -if [ ! "$THEGREP" ]; then + CHECKIT=$(grep "Thread 0" /var/log/stenographer/stenographer.log |tac |head -2|wc -l) + STENOGREP=$(grep "Thread 0" /var/log/stenographer/stenographer.log |tac |head -2) - TSFILE=/var/log/telegraf/laststenodrop.log - if [ -f "$TSFILE" ]; then - LASTTS=$(cat $TSFILE) - else - LASTTS=0 + declare RESULT=($STENOGREP) + + CURRENT_PACKETS=$(echo ${RESULT[9]} | awk -F'=' '{print $2 }') + CURRENT_DROPS=$(echo ${RESULT[12]} | awk -F'=' '{print $2 }') + PREVIOUS_PACKETS=$(echo ${RESULT[23]} | awk -F'=' '{print $2 }') + PREVIOUS_DROPS=$(echo ${RESULT[26]} | awk -F'=' '{print $2 }') + + DROPPED=$((CURRENT_DROPS - PREVIOUS_DROPS)) + TOTAL_CURRENT=$((CURRENT_PACKETS + CURRENT_DROPS)) + TOTAL_PAST=$((PREVIOUS_PACKETS + PREVIOUS_DROPS)) + TOTAL=$((TOTAL_CURRENT - TOTAL_PAST)) + + if [ $CHECKIT == 2 ]; then + if [ $DROPPED == 0 ]; then + echo "stenodrop drop=$DROPPED" + else + LOSS=$(echo "4 k $DROPPED $TOTAL / 100 * p" | dc) + echo "stenodrop drop=$LOSS" + fi fi - # Get the data - LOGLINE=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop) - CURRENTTS=$(echo $LOGLINE | awk '{print $1}') +fi - if [[ "$CURRENTTS" != "$LASTTS" ]]; then - DROP=$(echo $LOGLINE | awk '{print $14}' | awk -F "=" '{print $2}') - echo $CURRENTTS > $TSFILE - else - DROP=0 - fi - - echo "stenodrop drop=$DROP" -else - exit 0 -fi \ No newline at end of file +exit 0 diff --git a/salt/telegraf/scripts/suriloss.sh b/salt/telegraf/scripts/suriloss.sh index 2d0a56106..ef458a4f3 100644 --- a/salt/telegraf/scripts/suriloss.sh +++ b/salt/telegraf/scripts/suriloss.sh @@ -16,9 +16,8 @@ # along with this program. If not, see . -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) - -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4) CHECKIT=$(echo $SURILOG | grep -o 'drop' | wc -l) @@ -43,6 +42,7 @@ if [ ! "$THEGREP" ]; then echo "suridrop drop=$LOSS" fi fi -else - echo "suridrop drop=0" -fi \ No newline at end of file + +fi + +exit 0 diff --git a/salt/telegraf/scripts/zeekcaptureloss.sh b/salt/telegraf/scripts/zeekcaptureloss.sh index 6cb2dd2e2..6b3f7036c 100644 --- a/salt/telegraf/scripts/zeekcaptureloss.sh +++ b/salt/telegraf/scripts/zeekcaptureloss.sh @@ -18,9 +18,8 @@ # This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) - -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then if [ -d "/host/nsm/zeek/spool/logger" ]; then WORKERS={{ salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) }} @@ -45,6 +44,7 @@ if [ ! "$THEGREP" ]; then fi echo "$CURRENTTS" > $LASTCAPTURELOSSLOG fi -else - exit 0 + fi + +exit 0 diff --git a/salt/telegraf/scripts/zeekloss.sh b/salt/telegraf/scripts/zeekloss.sh index 3dbd42833..4d33841a3 100644 --- a/salt/telegraf/scripts/zeekloss.sh +++ b/salt/telegraf/scripts/zeekloss.sh @@ -17,9 +17,8 @@ # This script returns the packets dropped by Zeek, but it isn't a percentage. $LOSS * 100 would be the percentage -THEGREP=$(ps -ef | grep $0 | grep -v $$ | grep -v grep) - -if [ ! "$THEGREP" ]; then +# if this script isn't already running +if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2) declare RESULT=($ZEEKLOG) @@ -43,6 +42,7 @@ if [ ! "$THEGREP" ]; then LOSS=$(echo 4 k $DROPPED $TOTAL / p | dc) echo "zeekdrop drop=$LOSS" fi -else - exit 0 -fi \ No newline at end of file + +fi + +exit 0 diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls index d1ee8a4bf..d7050e226 100644 --- a/salt/thehive/init.sls +++ b/salt/thehive/init.sls @@ -73,6 +73,14 @@ thehiveesdata: - user: 939 - group: 939 +thehive_elasticsearch_yml: + file.exists: + - name: /opt/so/conf/thehive/etc/es/elasticsearch.yml + +log4j2_properties: + file.exists: + - name: /opt/so/conf/thehive/etc/es/log4j2.properties + so-thehive-es: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-thehive-es:{{ VERSION }} @@ -91,12 +99,23 @@ so-thehive-es: - port_bindings: - 0.0.0.0:9400:9400 - 0.0.0.0:9500:9500 + - require: + - file: thehive_elasticsearch_yml + - file: log4j2_properties append_so-thehive-es_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - text: so-thehive-es +cortex_application_conf: + file.exists: + - name: /opt/so/conf/thehive/etc/cortex-application.conf + +application_conf: + file.exists: + - name: /opt/so/conf/thehive/etc/application.conf + # Install Cortex so-cortex: docker_container.running: @@ -110,6 +129,8 @@ so-cortex: - /opt/so/conf/cortex/custom-responders:/custom-responders:ro - port_bindings: - 0.0.0.0:9001:9001 + - require: + - file: cortex_application_conf append_so-cortex_so-status.conf: file.append: @@ -135,6 +156,8 @@ so-thehive: - /opt/so/conf/thehive/etc/application.conf:/opt/thehive/conf/application.conf:ro - port_bindings: - 0.0.0.0:9000:9000 + - require: + - file: application_conf append_so-thehive_so-status.conf: file.append: diff --git a/salt/thehive/scripts/cortex_init b/salt/thehive/scripts/cortex_init index c2f00390d..fd0387131 100644 --- a/salt/thehive/scripts/cortex_init +++ b/salt/thehive/scripts/cortex_init @@ -29,7 +29,7 @@ cortex_init(){ CORTEX_ORG_USER_KEY="{{CORTEXORGUSERKEY}}" SOCTOPUS_CONFIG="$default_salt_dir/salt/soctopus/files/SOCtopus.conf" - if wait_for_web_response $CORTEX_URL "Cortex"; then + if wait_for_web_response $CORTEX_URL "Cortex" 120; then # Migrate DB curl -sk -XPOST -L "$CORTEX_API_URL/maintenance/migrate" @@ -65,7 +65,7 @@ if [ -f /opt/so/state/cortex.txt ]; then cortex_clean exit 0 else - if wait_for_web_response http://{{MANAGERIP}}:9400/_cluster/health '"status":"green"'; then + if wait_for_web_response http://{{MANAGERIP}}:9400/_cluster/health '"status":"green"' 120; then cortex_init cortex_clean else diff --git a/salt/thehive/scripts/hive_init b/salt/thehive/scripts/hive_init index ca6f7aa2b..7ace6137b 100755 --- a/salt/thehive/scripts/hive_init +++ b/salt/thehive/scripts/hive_init @@ -20,7 +20,7 @@ thehive_init(){ SOCTOPUS_CONFIG="/opt/so/saltstack/salt/soctopus/files/SOCtopus.conf" echo -n "Waiting for TheHive..." - if wait_for_web_response $THEHIVE_URL "TheHive"; then + if wait_for_web_response $THEHIVE_URL "TheHive" 120; then # Migrate DB curl -sk -XPOST -L "$THEHIVE_API_URL/maintenance/migrate" @@ -43,7 +43,7 @@ if [ -f /opt/so/state/thehive.txt ]; then thehive_clean exit 0 else - if wait_for_web_response http://{{MANAGERIP}}:9400/_cluster/health '"status":"green"'; then + if wait_for_web_response http://{{MANAGERIP}}:9400/_cluster/health '"status":"green"' 120; then thehive_init thehive_clean else diff --git a/salt/top.sls b/salt/top.sls index ef1f20599..7739652b2 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -11,7 +11,6 @@ {% set FILEBEAT = salt['pillar.get']('filebeat:enabled', True) %} {% set KIBANA = salt['pillar.get']('kibana:enabled', True) %} {% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %} -{% set CURATOR = salt['pillar.get']('curator:enabled', True) %} {% set REDIS = salt['pillar.get']('redis:enabled', True) %} {% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %} {% import_yaml 'salt/minion.defaults.yaml' as saltversion %} @@ -101,6 +100,7 @@ base: - influxdb - grafana - soc + - kratos - firewall - idstools - suricata.manager @@ -128,15 +128,13 @@ base: {%- if FILEBEAT %} - filebeat {%- endif %} - {%- if CURATOR %} - curator - {%- endif %} {%- if ELASTALERT %} - elastalert {%- endif %} {%- if FLEETMANAGER or FLEETNODE %} - - fleet - redis + - fleet - fleet.install_package {%- endif %} - utility @@ -157,6 +155,7 @@ base: {%- endif %} - docker_clean - pipeline.load + - learn '*_manager and G@saltversion:{{saltversion}}': - match: compound @@ -170,6 +169,7 @@ base: - influxdb - grafana - soc + - kratos - firewall - manager - idstools @@ -192,12 +192,14 @@ base: {%- if KIBANA %} - kibana {%- endif %} + - curator {%- if ELASTALERT %} - elastalert {%- endif %} {%- if FILEBEAT %} - filebeat {%- endif %} + - curator - utility - schedule {%- if FLEETMANAGER or FLEETNODE %} @@ -219,6 +221,7 @@ base: {%- endif %} - docker_clean - pipeline.load + - learn '*_standalone and G@saltversion:{{saltversion}}': - match: compound @@ -233,6 +236,7 @@ base: - influxdb - grafana - soc + - kratos - firewall - idstools - suricata.manager @@ -266,9 +270,7 @@ base: {%- if FILEBEAT %} - filebeat {%- endif %} - {%- if CURATOR %} - curator - {%- endif %} {%- if ELASTALERT %} - elastalert {%- endif %} @@ -293,6 +295,7 @@ base: {%- endif %} - docker_clean - pipeline.load + - learn '*_searchnode and G@saltversion:{{saltversion}}': - match: compound @@ -311,9 +314,7 @@ base: {%- if LOGSTASH %} - logstash {%- endif %} - {%- if CURATOR %} - curator - {%- endif %} {%- if FILEBEAT %} - filebeat {%- endif %} @@ -336,6 +337,7 @@ base: - influxdb - grafana - soc + - kratos - firewall - manager - idstools @@ -355,9 +357,7 @@ base: {%- if REDIS %} - redis {%- endif %} - {%- if CURATOR %} - curator - {%- endif %} {%- if KIBANA %} - kibana {%- endif %} @@ -367,7 +367,6 @@ base: {%- if FILEBEAT %} - filebeat {%- endif %} - - utility - schedule {%- if FLEETMANAGER or FLEETNODE %} @@ -389,6 +388,7 @@ base: {%- endif %} - docker_clean - pipeline.load + - learn '*_heavynode and G@saltversion:{{saltversion}}': - match: compound @@ -410,9 +410,7 @@ base: {%- if REDIS %} - redis {%- endif %} - {%- if CURATOR %} - curator - {%- endif %} {%- if FILEBEAT %} - filebeat {%- endif %} @@ -460,6 +458,7 @@ base: - manager - nginx - soc + - kratos - firewall - idstools - suricata.manager @@ -479,3 +478,4 @@ base: - schedule - docker_clean - pipeline.load + - learn diff --git a/salt/wazuh/files/agent/wazuh-register-agent b/salt/wazuh/files/agent/wazuh-register-agent index ca130ae90..8128aaa8e 100755 --- a/salt/wazuh/files/agent/wazuh-register-agent +++ b/salt/wazuh/files/agent/wazuh-register-agent @@ -100,8 +100,8 @@ wait_for_manager() { echo "Received non-Active status response: " echo "$AGENTS_OUTPUT" echo - echo "Manager is not ready after attempt $attempts of $maxAttempts, sleeping for 30 seconds." - sleep 30 + echo "Manager is not ready after attempt $attempts of $maxAttempts, sleeping for 15 seconds." + sleep 15 fi done return 1 @@ -165,7 +165,7 @@ if [ -f /opt/so/conf/wazuh/initial_agent_registration.log ]; then echo "Agent $AGENT_ID already registered!" exit 0 else - retries=30 + retries=20 if wait_for_manager $retries; then if register_agent; then cleanup_creds diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls index ce0d6dccd..fa4cf4f0b 100644 --- a/salt/zeek/init.sls +++ b/salt/zeek/init.sls @@ -1,7 +1,21 @@ +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} -{% from "zeek/map.jinja" import START with context %} +{% from "zeek/map.jinja" import ZEEKOPTIONS with context %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -76,11 +90,14 @@ zeekpolicysync: # Ensure the zeek spool tree (and state.db) ownership is correct zeekspoolownership: file.directory: - - name: /nsm/zeek + - name: /nsm/zeek/spool - user: 937 - - max_depth: 1 - - recurse: - - user +zeekstatedbownership: + file.managed: + - name: /nsm/zeek/spool/state.db + - user: 937 + - replace: False + - create: False # Sync Intel zeekintelloadsync: @@ -102,7 +119,7 @@ zeekctlcfg: ZEEKCTL: {{ ZEEK.zeekctl | tojson }} # Sync node.cfg -nodecfgsync: +nodecfg: file.managed: - name: /opt/so/conf/zeek/node.cfg - source: salt://zeek/files/node.cfg @@ -132,7 +149,7 @@ plcronscript: - mode: 755 zeekpacketlosscron: - cron.present: + cron.{{ZEEKOPTIONS.pl_cron_state}}: - name: /usr/local/bin/packetloss.sh - user: root - minute: '*/10' @@ -168,7 +185,7 @@ zeekbpf: {% endif %} -localzeeksync: +localzeek: file.managed: - name: /opt/so/conf/zeek/local.zeek - source: salt://zeek/files/local.zeek.jinja @@ -179,9 +196,10 @@ localzeeksync: LOCAL: {{ ZEEK.local | tojson }} so-zeek: - docker_container.running: + docker_container.{{ ZEEKOPTIONS.status }}: + {% if ZEEKOPTIONS.status == 'running' %} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }} - - start: {{ START }} + - start: {{ ZEEKOPTIONS.start }} - privileged: True - ulimits: - core=0 @@ -204,6 +222,14 @@ so-zeek: - file: /opt/so/conf/zeek/zeekctl.cfg - file: /opt/so/conf/zeek/policy - file: /opt/so/conf/zeek/bpf + - require: + - file: localzeek + - file: nodecfg + - file: zeekctlcfg + - file: zeekbpf + {% else %} {# if Zeek isn't enabled, then stop and remove the container #} + - force: True + {% endif %} append_so-zeek_so-status.conf: file.append: @@ -211,12 +237,17 @@ append_so-zeek_so-status.conf: - text: so-zeek - unless: grep -q so-zeek /opt/so/conf/so-status/so-status.conf -{% if grains.role == 'so-import' %} -disable_so-zeek_so-status.conf: + {% if not ZEEKOPTIONS.start %} +so-zeek_so-status.disabled: file.comment: - name: /opt/so/conf/so-status/so-status.conf - regex: ^so-zeek$ -{% endif %} + {% else %} +delete_so-zeek_so-status.disabled: + file.uncomment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-zeek$ + {% endif %} {% else %} @@ -224,4 +255,4 @@ disable_so-zeek_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/zeek/map.jinja b/salt/zeek/map.jinja index ad4d70e80..a0f92463e 100644 --- a/salt/zeek/map.jinja +++ b/salt/zeek/map.jinja @@ -1,6 +1,17 @@ -# don't start the docker container if it is an import node -{% if grains.id.split('_')|last == 'import' %} - {% set START = False %} +{% set ZEEKOPTIONS = {} %} +{% set ENABLED = salt['pillar.get']('zeek:enabled', True) %} + +# don't start the docker container if it is an import node or disabled via pillar +{% if grains.id.split('_')|last == 'import' or not ENABLED %} + {% do ZEEKOPTIONS.update({'start': False}) %} + {% do ZEEKOPTIONS.update({'pl_cron_state': 'absent'}) %} {% else %} - {% set START = True %} -{% endif %} \ No newline at end of file + {% do ZEEKOPTIONS.update({'start': True}) %} + {% do ZEEKOPTIONS.update({'pl_cron_state': 'present'}) %} +{% endif %} + +{% if not ENABLED %} + {% do ZEEKOPTIONS.update({'status': 'absent'}) %} +{% else %} + {% do ZEEKOPTIONS.update({'status': 'running'}) %} +{% endif %} diff --git a/salt/zeek/policy/custom/README b/salt/zeek/policy/custom/README new file mode 100644 index 000000000..77ac7ad30 --- /dev/null +++ b/salt/zeek/policy/custom/README @@ -0,0 +1 @@ +# Place custom policies in /opt/so/saltstack/local/salt/zeek/policy/custom/ diff --git a/setup/automation/distributed-airgap-search b/setup/automation/distributed-airgap-search index 1acee9b1a..7a0888fee 100644 --- a/setup/automation/distributed-airgap-search +++ b/setup/automation/distributed-airgap-search @@ -35,7 +35,6 @@ ADMINPASS2=onionuser HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit HOSTNAME=distributed-search -INTERWEBS=AIRGAP install_type=SEARCHNODE # LSINPUTBATCHCOUNT= # LSINPUTTHREADS= diff --git a/setup/automation/distributed-airgap-sensor b/setup/automation/distributed-airgap-sensor index c8186bf8a..91b9c24a9 100644 --- a/setup/automation/distributed-airgap-sensor +++ b/setup/automation/distributed-airgap-sensor @@ -35,7 +35,6 @@ ZEEKVERSION=ZEEK HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit HOSTNAME=distributed-sensor -INTERWEBS=AIRGAP install_type=SENSOR # LSINPUTBATCHCOUNT= # LSINPUTTHREADS= diff --git a/setup/automation/distributed-ami-manager b/setup/automation/distributed-cloud-manager similarity index 95% rename from setup/automation/distributed-ami-manager rename to setup/automation/distributed-cloud-manager index 6f5fb93dc..b9e26beac 100644 --- a/setup/automation/distributed-ami-manager +++ b/setup/automation/distributed-cloud-manager @@ -61,7 +61,7 @@ OSQUERY=1 # PATCHSCHEDULEHOURS= PATCHSCHEDULENAME=auto PLAYBOOK=1 -REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4) +REDIRECTHOST=$(cat /root/public_ip) REDIRECTINFO=OTHER RULESETUP=ETOPEN # SHARDCOUNT= diff --git a/setup/automation/distributed-ami-search b/setup/automation/distributed-cloud-search similarity index 100% rename from setup/automation/distributed-ami-search rename to setup/automation/distributed-cloud-search diff --git a/setup/automation/distributed-ami-sensor b/setup/automation/distributed-cloud-sensor similarity index 100% rename from setup/automation/distributed-ami-sensor rename to setup/automation/distributed-cloud-sensor diff --git a/setup/automation/eval-ami b/setup/automation/eval-cloud similarity index 94% rename from setup/automation/eval-ami rename to setup/automation/eval-cloud index ac8e42728..87994dad2 100644 --- a/setup/automation/eval-ami +++ b/setup/automation/eval-cloud @@ -34,7 +34,7 @@ GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit -HOSTNAME=eval-aws +HOSTNAME=eval install_type=EVAL # LSINPUTBATCHCOUNT= # LSINPUTTHREADS= @@ -61,7 +61,7 @@ OSQUERY=1 # PATCHSCHEDULEHOURS= PATCHSCHEDULENAME=auto PLAYBOOK=1 -REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4) +REDIRECTHOST=$(cat /root/public_ip) REDIRECTINFO=OTHER RULESETUP=ETOPEN # SHARDCOUNT= diff --git a/setup/automation/import-ami b/setup/automation/import-cloud similarity index 95% rename from setup/automation/import-ami rename to setup/automation/import-cloud index 039e9caee..27fea980e 100644 --- a/setup/automation/import-ami +++ b/setup/automation/import-cloud @@ -61,7 +61,7 @@ NODEUPDATES=MANAGER # PATCHSCHEDULEHOURS= PATCHSCHEDULENAME=auto # PLAYBOOK=1 -REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4) +REDIRECTHOST=$(cat /root/public_ip) REDIRECTINFO=OTHER RULESETUP=ETOPEN # SHARDCOUNT= diff --git a/setup/automation/standalone-ami b/setup/automation/standalone-cloud similarity index 94% rename from setup/automation/standalone-ami rename to setup/automation/standalone-cloud index c006b28fb..94fc26cbb 100644 --- a/setup/automation/standalone-ami +++ b/setup/automation/standalone-cloud @@ -34,7 +34,7 @@ GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit -HOSTNAME=standalone-aws +HOSTNAME=standalone install_type=STANDALONE # LSINPUTBATCHCOUNT= # LSINPUTTHREADS= @@ -61,7 +61,7 @@ OSQUERY=1 # PATCHSCHEDULEHOURS= PATCHSCHEDULENAME=auto PLAYBOOK=1 -REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4) +REDIRECTHOST=$(cat /root/public_ip) REDIRECTINFO=OTHER RULESETUP=ETOPEN # SHARDCOUNT= diff --git a/setup/automation/standalone-iso-logscan b/setup/automation/standalone-iso-logscan new file mode 100644 index 000000000..d83ad73db --- /dev/null +++ b/setup/automation/standalone-iso-logscan @@ -0,0 +1,77 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +TESTING=true + +address_type=DHCP +ADMINUSER=onionuser +ADMINPASS1=onionuser +ADMINPASS2=onionuser +ALLOW_CIDR=0.0.0.0/0 +ALLOW_ROLE=a +BASICZEEK=2 +BASICSURI=2 +# BLOGS= +BNICS=eth1 +ZEEKVERSION=ZEEK +# CURCLOSEDAYS= +# EVALADVANCED=BASIC +GRAFANA=1 +# HELIXAPIKEY= +HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 +HNSENSOR=inherit +HOSTNAME=standalone +install_type=STANDALONE +LEARN_LOGSCAN_ENABLE=true +# LSINPUTBATCHCOUNT= +# LSINPUTTHREADS= +# LSPIPELINEBATCH= +# LSPIPELINEWORKERS= +MANAGERADV=BASIC +# MDNS= +# MGATEWAY= +# MIP= +# MMASK= +MNIC=eth0 +# MSEARCH= +# MSRV= +# MTU= +NIDS=Suricata +# NODE_ES_HEAP_SIZE= +# NODE_LS_HEAP_SIZE= +NODESETUP=NODEBASIC +NSMSETUP=BASIC +NODEUPDATES=MANAGER +# OINKCODE= +OSQUERY=1 +# PATCHSCHEDULEDAYS= +# PATCHSCHEDULEHOURS= +PATCHSCHEDULENAME=auto +PLAYBOOK=1 +# REDIRECTHOST= +REDIRECTINFO=IP +RULESETUP=ETOPEN +# SHARDCOUNT= +# SKIP_REBOOT= +SOREMOTEPASS1=onionuser +SOREMOTEPASS2=onionuser +STRELKA=1 +THEHIVE=1 +WAZUH=1 +WEBUSER=onionuser@somewhere.invalid +WEBPASSWD1=0n10nus3r +WEBPASSWD2=0n10nus3r diff --git a/setup/so-functions b/setup/so-functions index ff019953e..daf609f67 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -121,7 +121,7 @@ add_web_user() { { echo "Attempting to add administrator user for web interface..."; export SKIP_STATE_APPLY=true - echo "$WEBPASSWD1" | /usr/sbin/so-user add "$WEBUSER"; + echo "$WEBPASSWD1" | /usr/sbin/so-user add "$WEBUSER" "superuser"; unset SKIP_STATE_APPLY echo "Add user result: $?"; } >> "/root/so-user-add.log" 2>&1 @@ -229,9 +229,10 @@ check_service_status() { } check_salt_master_status() { + local timeout=$1 echo "Checking if we can talk to the salt master" >> "$setup_log" 2>&1 salt-call saltutil.kill_all_jobs > /dev/null 2>&1 - salt-call state.show_top > /dev/null 2>&1 + salt-call state.show_top -t $timeout > /dev/null 2>&1 local status=$? if [ $status -gt 0 ]; then echo " Could not talk to salt master" >> "$setup_log" 2>&1 @@ -244,8 +245,9 @@ check_salt_master_status() { } check_salt_minion_status() { + local timeout=$1 echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1 - salt "$MINION_ID" test.ping > /dev/null 2>&1 + salt "$MINION_ID" test.ping -t $timeout > /dev/null 2>&1 local status=$? if [ $status -gt 0 ]; then echo " Minion did not respond" >> "$setup_log" 2>&1 @@ -297,15 +299,6 @@ collect_adminuser_inputs() { done } -collect_cur_close_days() { - whiptail_cur_close_days "$CURCLOSEDAYS" - - while ! valid_int "$CURCLOSEDAYS"; do - whiptail_invalid_input - whiptail_cur_close_days "$CURCLOSEDAYS" - done -} - collect_dns() { whiptail_management_interface_dns "8.8.8.8,8.8.4.4" @@ -423,14 +416,28 @@ collect_homenet_snsr() { } collect_hostname() { + collect_hostname_validate + + while has_uppercase "$HOSTNAME"; do + if ! (whiptail_uppercase_warning); then + collect_hostname_validate + else + no_use_hostname=true + break + fi + done +} + +collect_hostname_validate() { if [[ $automated == no ]] && [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi whiptail_set_hostname "$HOSTNAME" - if [[ $HOSTNAME == 'securityonion' ]]; then # Will only check HOSTNAME=securityonion once + if [[ -z $default_hostname_flag ]] && [[ $HOSTNAME == 'securityonion' ]]; then # Will only check HOSTNAME=securityonion once if ! (whiptail_avoid_default_hostname); then whiptail_set_hostname "$HOSTNAME" fi + default_hostname_flag=true fi while ! valid_hostname "$HOSTNAME"; do @@ -442,7 +449,7 @@ collect_hostname() { collect_int_ip_mask() { whiptail_management_interface_ip_mask - while ! valid_cidr "$manager_ip_mask"; do + while ! valid_ip4_cidr_mask "$manager_ip_mask"; do whiptail_invalid_input whiptail_management_interface_ip_mask "$manager_ip_mask" done @@ -459,10 +466,15 @@ collect_mngr_hostname() { whiptail_management_server "$MSRV" done + while [[ $MSRV == "$HOSTNAME" ]]; do + whiptail_invalid_hostname 0 + whiptail_management_server "$MSRV" + done + if ! getent hosts "$MSRV"; then whiptail_manager_ip - while ! valid_ip4 "$MSRVIP"; do + while ! valid_ip4 "$MSRVIP" || [[ $MSRVIP == "$MAINIP" || $MSRVIP == "127.0.0.1" ]]; do whiptail_invalid_input whiptail_manager_ip "$MSRVIP" done @@ -648,7 +660,23 @@ collect_proxy_details() { } collect_redirect_host() { - whiptail_set_redirect_host "$HOSTNAME" + collect_redirect_host_validate + + while has_uppercase "$REDIRECTHOST"; do + local text + ! valid_hostname "$REDIRECTHOST" && text="domain name" || text="hostname" + if ! (whiptail_uppercase_warning "$text"); then + collect_redirect_host_validate "$REDIRECTHOST" + else + break + fi + done +} + +collect_redirect_host_validate() { + local prefill=${1:-$HOSTNAME} + + whiptail_set_redirect_host "$prefill" while ! valid_ip4 "$REDIRECTHOST" && ! valid_hostname "$REDIRECTHOST" && ! valid_fqdn "$REDIRECTHOST"; do whiptail_invalid_input @@ -814,7 +842,7 @@ check_requirements() { local req_cores local req_storage local nic_list - readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0" | sed 's/ //g')" + readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0" | sed 's/ //g' | sed -r 's/(.*)(\.[0-9]+)@\1/\1\2/g')" local num_nics=${#nic_list[@]} if [[ "$standalone_or_dist" == 'standalone' ]]; then @@ -896,10 +924,11 @@ compare_main_nic_ip() { read -r -d '' message <<- EOM The IP being routed by Linux is not the IP address assigned to the management interface ($MNIC). - This is not a supported configuration, please remediate and rerun setup. + This is not a supported configuration, please remediate + and rerun setup. EOM - [[ -n $TESTING ]] || whiptail --title "$whiptail_title" --msgbox "$message" 10 75 + [[ -n $TESTING ]] || whiptail --title "$whiptail_title" --msgbox "$message" 11 75 kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1 fi else @@ -1074,8 +1103,8 @@ detect_os() { OS=ubuntu if grep -q "UBUNTU_CODENAME=bionic" /etc/os-release; then OSVER=bionic - elif grep -q "UBUNTU_CODENAME=xenial" /etc/os-release; then - OSVER=xenial + elif grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then + OSVER=focal else echo "We do not support your current version of Ubuntu." exit 1 @@ -1092,9 +1121,10 @@ detect_os() { installer_progress_loop() { local i=0 + local msg="${1:-Performing background actions...}" while true; do [[ $i -lt 98 ]] && ((i++)) - set_progress_str "$i" 'Checking that all required packages are installed and enabled...' nolog + set_progress_str "$i" "$msg" nolog [[ $i -gt 0 ]] && sleep 5s done } @@ -1159,10 +1189,11 @@ docker_install() { { yum clean expire-cache; if [[ ! $is_iso ]]; then - yum -y install docker-ce-20.10.5-3.el7 containerd.io-1.4.4-3.1.el7; + yum -y install docker-ce-20.10.5-3.el7 docker-ce-cli-20.10.5-3.el7 docker-ce-rootless-extras-20.10.5-3.el7 containerd.io-1.4.4-3.1.el7 fi - yum versionlock docker-ce-20.10.5-3.el7; - yum versionlock docker-ce-cli-20.10.5-3.el7; + yum versionlock docker-ce-20.10.5-3.el7 + yum versionlock docker-ce-cli-20.10.5-3.el7 + yum versionlock docker-ce-rootless-extras-20.10.5-3.el7 yum versionlock containerd.io-1.4.4-3.1.el7 } >> "$setup_log" 2>&1 @@ -1176,11 +1207,11 @@ docker_install() { add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$setup_log" 2>&1 retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 ;; - esac - if [ $OSVER != "xenial" ]; then - retry 50 10 "apt-get -y install docker-ce python3-docker" >> "$setup_log" 2>&1 || exit 1 - else - retry 50 10 "apt-get -y install docker-ce python-docker" >> "$setup_log" 2>&1 || exit 1 + esac + if [ $OSVER == "bionic" ]; then + retry 50 10 "apt-get -y install docker-ce=5:20.10.5~3-0~ubuntu-bionic docker-ce-cli=5:20.10.5~3-0~ubuntu-bionic docker-ce-rootless-extras=5:20.10.5~3-0~ubuntu-bionic python3-docker" >> "$setup_log" 2>&1 || exit 1 + elif [ $OSVER == "focal" ]; then + retry 50 10 "apt-get -y install docker-ce=5:20.10.8~3-0~ubuntu-focal docker-ce-cli=5:20.10.8~3-0~ubuntu-focal docker-ce-rootless-extras=5:20.10.8~3-0~ubuntu-focal python3-docker" >> "$setup_log" 2>&1 || exit 1 fi fi docker_registry @@ -1197,7 +1228,7 @@ docker_registry() { mkdir -p /etc/docker >> "$setup_log" 2>&1 # This will get applied so docker can attempt to start if [ -z "$DOCKERNET" ]; then - DOCKERNET=172.17.0.0 + DOCKERNET=172.17.0.0 fi # Make the host use the manager docker registry DNETBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 @@ -1328,7 +1359,7 @@ es_heapsize() { export ES_HEAP_SIZE if [[ "$install_type" =~ ^(EVAL|MANAGERSEARCH|STANDALONE|IMPORT)$ ]]; then - NODE_ES_HEAP_SIZE=ES_HEAP_SIZE + NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE export NODE_ES_HEAP_SIZE fi } @@ -1346,7 +1377,7 @@ filter_unused_nics() { fi # Finally, set filtered_nics to any NICs we aren't using (and ignore interfaces that aren't of use) - filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g') + filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g' | sed -r 's/(.*)(\.[0-9]+)@\1/\1\2/g') readarray -t filtered_nics <<< "$filtered_nics" nic_list=() @@ -1389,7 +1420,7 @@ firewall_generate_templates() { cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/ >> "$setup_log" 2>&1 - for i in analyst beats_endpoint sensor manager minion osquery_endpoint search_node wazuh_endpoint; do + for i in analyst beats_endpoint endgame sensor manager minion osquery_endpoint search_node wazuh_endpoint; do $default_salt_dir/salt/common/tools/sbin/so-firewall includehost "$i" 127.0.0.1 done @@ -1414,6 +1445,7 @@ generate_passwords(){ PLAYBOOKADMINPASS=$(get_random_value) PLAYBOOKAUTOMATIONPASS=$(get_random_value) FLEETPASS=$(get_random_value) + FLEETSAPASS=$(get_random_value) FLEETJWT=$(get_random_value) GRAFANAPASS=$(get_random_value) if [[ "$THEHIVE" == "1" ]]; then @@ -1481,7 +1513,7 @@ host_pillar() { " mainint: '$MNIC'"\ "sensoroni:"\ " node_address: '$MAINIP'"\ - " node_description: '$NODE_DESCRIPTION'"\ + " node_description: '${NODE_DESCRIPTION//\'/''}'"\ "" > "$pillar_file" } @@ -1507,6 +1539,10 @@ install_cleanup() { info "Removing so-setup permission entry from sudoers file" sed -i '/so-setup/d' /etc/sudoers fi + + if [[ -z $SO_ERROR ]]; then + echo "Setup completed at $(date)" >> "$setup_log" 2>&1 + fi } import_registry_docker() { @@ -1540,7 +1576,7 @@ ls_heapsize() { export LS_HEAP_SIZE if [[ "$install_type" =~ ^(EVAL|MANAGERSEARCH|STANDALONE)$ ]]; then - NODE_LS_HEAP_SIZE=LS_HEAP_SIZE + NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE export NODE_LS_HEAP_SIZE fi } @@ -1570,7 +1606,6 @@ manager_pillar() { printf '%s\n'\ " elastalert: 1"\ " es_port: $node_es_port"\ - " cur_close_days: $CURCLOSEDAYS"\ " grafana: $GRAFANA"\ " osquery: $OSQUERY"\ " thehive: $THEHIVE"\ @@ -1608,6 +1643,15 @@ manager_pillar() { printf '%s\n'\ " kratoskey: '$KRATOSKEY'"\ "" >> "$pillar_file" + printf '%s\n'\ + "soc:"\ + " es_index_patterns: '*:so-*,*:endgame-*'"\ + "" >> "$pillar_file" + if [[ -n $ENDGAMEHOST ]]; then + printf '%s\n'\ + " endgamehost: '$ENDGAMEHOST'"\ + "" >> "$pillar_file" + fi } manager_global() { @@ -1638,6 +1682,10 @@ manager_global() { " url_base: '$REDIRECTIT'"\ " managerip: '$MAINIP'" > "$global_pillar" + if [[ $HIGHLANDER == 'True' ]]; then + printf '%s\n'\ + " highlander: True"\ >> "$global_pillar" + fi if [[ $is_airgap ]]; then printf '%s\n'\ " airgap: True"\ >> "$global_pillar" @@ -1694,18 +1742,20 @@ manager_global() { " hot_warm: False"\ "elastic:"\ " features: False"\ - "elasticsearch:"\ - " replicas: 0" >> "$global_pillar" + "elasticsearch:"\ >> "$global_pillar" if [ -n "$ESCLUSTERNAME" ]; then printf '%s\n'\ " true_cluster: True"\ - " true_cluster_name: '$ESCLUSTERNAME'" >> "$global_pillar" + " config:"\ + " cluster:"\ + " name: '$ESCLUSTERNAME'" >> "$global_pillar" else printf '%s\n'\ - " true_cluster: False"\ - " true_cluster_name: 'so'" >> "$global_pillar" + " true_cluster: False" >> "$global_pillar" fi + printf '%s\n'\ + " replicas: 0"\ " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ @@ -1835,9 +1885,6 @@ network_setup() { { echo "Finishing up network setup"; - echo "... Verifying all network devices are managed by Network Manager"; - check_network_manager_conf; - echo "... Copying 99-so-checksum-offload-disable"; cp ./install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ; @@ -2001,7 +2048,7 @@ reinstall_init() { if command -v docker &> /dev/null; then # Stop and remove all so-* containers so files can be changed with more safety - if [ $(docker ps -a -q --filter "name=so-" | wc -l) -gt 0 ]; then + if [[ $(docker ps -a -q --filter "name=so-" | wc -l) -gt 0 ]]; then docker stop $(docker ps -a -q --filter "name=so-") docker rm -f $(docker ps -a -q --filter "name=so-") fi @@ -2020,6 +2067,10 @@ reinstall_init() { # Remove the old launcher package in case the config changes remove_package launcher-final + if [[ $OS == 'ubuntu' ]]; then + apt-mark unhold $(apt-mark showhold) + fi + } >> "$setup_log" 2>&1 } @@ -2114,6 +2165,7 @@ saltify() { python36-m2crypto\ python36-mysql\ python36-packaging\ + python36-lxml\ yum-utils\ device-mapper-persistent-data\ lvm2\ @@ -2127,9 +2179,12 @@ saltify() { else DEBIAN_FRONTEND=noninteractive retry 50 10 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || exit 1 - if [ $OSVER != "xenial" ]; then - # Switch to Python 3 as default if this is not xenial + if [ $OSVER == "bionic" ]; then + # Switch to Python 3 as default for bionic update-alternatives --install /usr/bin/python python /usr/bin/python3.6 10 >> "$setup_log" 2>&1 + elif [ $OSVER == "focal" ]; then + # Switch to Python 3 as default for focal + update-alternatives --install /usr/bin/python python /usr/bin/python3.8 10 >> "$setup_log" 2>&1 fi local pkg_arr=( @@ -2147,21 +2202,16 @@ saltify() { # Grab the version from the os-release file local ubuntu_version ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}') - if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi case "$install_type" in 'FLEET') - if [[ $OSVER != 'xenial' ]]; then - retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1 - else - retry 50 10 "apt-get -y install python-mysqldb" >> "$setup_log" 2>&1 || exit 1 - fi + retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1 ;; 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR') # Add saltstack repo(s) - wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3003/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3003 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" + wget -q --inet4-only -O - https://repo.saltstack.com/py3/ubuntu/"$ubuntu_version"/amd64/archive/3003/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 + echo "deb http://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3003 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" # Add Docker repo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 @@ -2169,7 +2219,7 @@ saltify() { # Get gpg keys mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 - wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3003/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 + wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/"$ubuntu_version"/amd64/archive/3003/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 @@ -2193,7 +2243,7 @@ saltify() { echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3003/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" + echo "deb http://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3003/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" ;; esac @@ -2202,11 +2252,7 @@ saltify() { set_progress_str 8 'Installing salt-minion & python modules' retry 50 10 "apt-get -y install salt-minion=3003+ds-1 salt-common=3003+ds-1" >> "$setup_log" 2>&1 || exit 1 retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1 - if [[ $OSVER != 'xenial' ]]; then - retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb" >> "$setup_log" 2>&1 || exit 1 - else - retry 50 10 "apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb python-packaging python-influxdb" >> "$setup_log" 2>&1 || exit 1 - fi + retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" >> "$setup_log" 2>&1 || exit 1 fi } @@ -2253,28 +2299,32 @@ salt_checkin() { done done - count=0 - while ! (check_salt_master_status); do - echo "salt minion cannot talk to salt master" >> "$setup_log" 2>&1 - if [ $count -gt 30 ]; then - echo "salt minion could not talk to salt master after 30 attempts, exiting" >> "$setup_log" 2>&1 + count=1 + timeout=60 + while ! (check_salt_master_status $timeout); do + echo "salt minion cannot talk to salt master after $timeout seconds" >> "$setup_log" 2>&1 + if [ $count -gt 2 ]; then + echo "salt minion could not talk to salt master after $count attempts, exiting" >> "$setup_log" 2>&1 exit 1 fi sleep 1; ((count++)) + ((timeout+=30)) # add 30s to the timeout each attempt done - count=0 - while ! (check_salt_minion_status); do - echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 - if [ $count -gt 30 ]; then - echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 + count=1 + timeout=60 + while ! (check_salt_minion_status $timeout) ; do + echo "salt master did not get a job response from salt minion after $timeout seconds" >> "$setup_log" 2>&1 + if [ $count -gt 2 ]; then + echo "salt master did not get a job response from salt minion after $count attempts, exiting" >> "$setup_log" 2>&1 exit 1 fi systemctl kill salt-minion systemctl start salt-minion sleep 1; ((count++)) + ((timeout+=30)) # add 30s to the timeout each attempt done echo " Confirming existence of the CA certificate" @@ -2325,6 +2375,8 @@ secrets_pillar(){ " playbook_automation: $PLAYBOOKAUTOMATIONPASS"\ " grafana_admin: $GRAFANAPASS"\ " fleet: $FLEETPASS"\ + " fleet_sa_email: service.account@securityonion.invalid"\ + " fleet_sa_password: $FLEETSAPASS"\ " fleet_jwt: $FLEETJWT"\ " fleet_enroll-secret: False" > $local_salt_dir/pillar/secrets.sls fi @@ -2765,7 +2817,7 @@ update_sudoers() { update_packages() { if [ "$OS" = 'centos' ]; then yum repolist >> /dev/null - yum -y update --exclude=salt* >> "$setup_log" + yum -y update --exclude=salt*,wazuh*,docker*,containerd* >> "$setup_log" else retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1 retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1 diff --git a/setup/so-preflight b/setup/so-preflight old mode 100644 new mode 100755 index e58feebd2..3050c94cb --- a/setup/so-preflight +++ b/setup/so-preflight @@ -15,33 +15,72 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +cd "$(dirname "$0")" || exit 255 + source ../salt/common/tools/sbin/so-common source ./so-functions -preflight_log='/root/preflight.log' +script_run="$1" + +retry_count=10 +retry_sleep=5 +warning_prefix="[WARNING]" +info_prefix="[INFO ]" +error_prefix="[ERROR ]" + +if [[ $script_run == true ]]; then + preflight_log="${2:-'/root/preflight.log'}" +else + preflight_log='/root/preflight.log' +fi check_default_repos() { local ret_code=0 - - printf ' Checking OS default repos with ' | tee -a "$preflight_log" - if [[ $OS == 'centos' ]]; then - printf '%s' 'yum update.' | tee -a "$preflight_log" - echo "" >> "$preflight_log" - yum -y update >> $preflight_log 2>&1 - ret_code=$? + local repo_str=' Checking OS default repos with ' + if [[ $script_run == true ]]; then + printf '%s' "$repo_str" else - printf '%s' 'apt update.' | tee -a "$preflight_log" + printf '%s' "$repo_str" | tee -a "$preflight_log" + fi + + if [[ $OS == 'centos' ]]; then + if [[ $script_run == true ]]; then + printf '%s' 'yum update.' + else + printf '%s' 'yum update.' | tee -a "$preflight_log" + fi + echo "" >> "$preflight_log" + yum -y check-update >> $preflight_log 2>&1 + ret_code=$? + if [[ $ret_code == 0 || $ret_code == 100 ]]; then + printf '%s\n' ' SUCCESS' + ret_code=0 + else + printf '%s\n' ' FAILURE' + fi + else + if [[ $script_run == true ]]; then + printf '%s' 'apt update.' + else + printf '%s' 'apt update.' | tee -a "$preflight_log" + fi echo "" >> "$preflight_log" retry 50 10 "apt-get -y update" >> $preflight_log 2>&1 ret_code=$? + [[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE' + fi - [[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE' return $ret_code } check_new_repos() { - printf ' Checking repo URLs added by setup.' | tee -a "$preflight_log" + local repo_url_str=' Checking repo URLs added by setup.' + if [[ $script_run == true ]]; then + printf '%s' "$repo_url_str" + else + printf '%s' "$repo_url_str" | tee -a "$preflight_log" + fi if [[ $OS == 'centos' ]]; then local repo_arr=( @@ -54,11 +93,10 @@ check_new_repos() { else local ubuntu_version ubuntu_version=$(grep VERSION_ID /etc/os-release 2> /dev/null | awk -F '[ "]' '{print $2}') - if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi local repo_arr=( "https://download.docker.com/linux/ubuntu/gpg" "https://download.docker.com/linux/ubuntu" - "https://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3003/SALTSTACK-GPG-KEY.pub" + "https://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3003/SALTSTACK-GPG-KEY.pub" "https://packages.wazuh.com/key/GPG-KEY-WAZUH" "https://packages.wazuh.com" ) @@ -71,9 +109,15 @@ check_new_repos() { } check_misc_urls() { - printf ' Checking various other URLs used by setup.' | tee -a "$preflight_log" + local misc_url_str=' Checking various other URLs used by setup.' + if [[ $script_run == true ]]; then + printf '%s' "$misc_url_str" + else + printf '%s' "$misc_url_str" | tee -a "$preflight_log" + fi - local so_version=$(cat ../VERSION) + local so_version + so_version=$(cat ../VERSION) local url_arr=( "https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS" "https://github.com/Neo23x0/signature-base" @@ -93,19 +137,31 @@ __check_url_arr() { local ret_code=0 echo "" >> "$preflight_log" for url in "$@"; do - local status - status=$(curl -s -o /dev/null -w "%{http_code}" -L "$url" 2> /dev/null) - local ret=$? + # Reset vars + local status=999 # Set status to something outside the range of normal HTTP codes but above the 200 range + local ret=1 + local count=0 + + while [[ $ret != 0 && $count -lt $retry_count ]]; do + ((count++)) + [[ $count != 1 ]] && sleep $retry_sleep + status=$(curl -s -o /dev/null -w "%{http_code}" -L "$url" 2> /dev/null) + ret=$? + local count_str + printf -v count_str '%02d' "$count" + [[ $ret != 0 ]] && echo "$warning_prefix ($count_str/$retry_count) Could not reach $url, curl error code: $ret" >> "$preflight_log" + done + if [[ $ret == 0 ]]; then - printf '%s' " - Successfully reached $url" >> "$preflight_log" + url_success_str="Successfully reached $url" if [[ $status -ge 400 ]]; then - printf '%s\n' " but server responded with error code $status" >> "$preflight_log" + echo "$warning_prefix $url_success_str but server responded with HTTP code $status." >> "$preflight_log" else - printf '\n' >> "$preflight_log" + printf '%s\n' "$info_prefix $url_success_str" >> "$preflight_log" fi else ret_code=1 - echo " - [ERROR]: Could not reach $url" >> "$preflight_log" + echo "$error_prefix Could not reach $url after $retry_count attempts." >> "$preflight_log" fi done echo "" >> "$preflight_log" @@ -113,10 +169,19 @@ __check_url_arr() { } main() { - detect_os "$preflight_log" + local intro_str="Beginning pre-flight checks." + local success_str="Pre-flight checks completed successfully!" + local fail_str="Pre-flight checks could not complete." [[ -f $preflight_log ]] || touch "$preflight_log" - echo "Beginning pre-flight checks." | tee "$preflight_log" + + detect_os "$preflight_log" + + if [[ $script_run == true ]]; then + echo "$intro_str" + else + echo "$intro_str" | tee "$preflight_log" + fi check_default_repos &&\ check_new_repos &&\ check_misc_urls @@ -125,12 +190,23 @@ main() { echo "" if [[ $success == 0 ]]; then - echo -e "Pre-flight checks completed successfully!\n" | tee -a "$preflight_log" + if [[ $script_run == true ]]; then + echo "$success_str" + else + echo "$success_str" | tee -a "$preflight_log" + echo "" + fi else - echo -e "Pre-flight checks could not complete." | tee -a "$preflight_log" - echo -e " Check $preflight_log for details.\n" - exit 1 + if [[ $script_run == true ]]; then + echo "$fail_str" + else + echo "$fail_str" | tee -a "$preflight_log" + echo "Check $preflight_log for details." + echo "" + fi fi + + exit $success } main diff --git a/setup/so-setup b/setup/so-setup index 68490657f..1893d252b 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -256,7 +256,8 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then elif [ "$install_type" = 'IMPORT' ]; then is_import=true elif [ "$install_type" = 'ANALYST' ]; then - is_analyst=true + cd .. || exit 255 + exec bash so-analyst-install fi if [[ $is_manager || $is_import ]]; then @@ -264,14 +265,6 @@ if [[ $is_manager || $is_import ]]; then fi if ! [[ -f $install_opt_file ]]; then - # Check if this is an airgap install - if [[ ( $is_manager || $is_import || $is_minion ) && $is_iso ]]; then - whiptail_airgap - if [[ "$INTERWEBS" == 'AIRGAP' ]]; then - is_airgap=true - fi - fi - if [[ $is_manager && $is_sensor ]]; then check_requirements "standalone" elif [[ $is_fleet_standalone ]]; then @@ -311,17 +304,29 @@ if ! [[ -f $install_opt_file ]]; then add_mngr_ip_to_hosts fi + if [[ $is_minion ]]; then + whiptail_ssh_key_copy_notice + copy_ssh_key >> $setup_log 2>&1 + fi + + # Check if this is an airgap install + if [[ ( $is_manager || $is_import) && $is_iso ]]; then + whiptail_airgap + if [[ "$INTERWEBS" == 'AIRGAP' ]]; then + is_airgap=true + fi + elif [[ $is_minion && $is_iso ]]; then + $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" [[ -f /etc/yum.repos.d/airgap_repo.repo ]] >> $setup_log 2>&1 + airgap_check=$? + [[ $airgap_check ]] && is_airgap=true >> $setup_log 2>&1 + fi + reset_proxy if [[ -z $is_airgap ]]; then collect_net_method [[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1 fi - if [[ $is_minion ]]; then - whiptail_ssh_key_copy_notice - copy_ssh_key >> $setup_log 2>&1 - fi - if [[ $is_minion ]] && ! (compare_versions); then info "Installer version mismatch, downloading correct version from manager" printf '%s\n' \ @@ -336,19 +341,31 @@ if ! [[ -f $install_opt_file ]]; then download_repo_tarball exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}" fi - - if [[ $is_analyst ]]; then - cd .. || exit 255 - exec bash so-analyst-install - fi - else rm -rf $install_opt_file >> "$setup_log" 2>&1 fi +if [[ -z $is_airgap ]]; then + percentage=0 + { + installer_progress_loop 'Running preflight checks...' & + progress_bg_proc=$! + ./so-preflight true "$setup_log" >> $setup_log 2>&1 + preflight_ret=$? + echo "$preflight_ret" > /tmp/preflight_ret + kill -9 "$progress_bg_proc" + wait "$progress_bg_proc" &> /dev/null + } | progress '...' + [[ -f /tmp/preflight_ret ]] && preflight_ret=$(cat /tmp/preflight_ret) + rm /tmp/preflight_ret + if [[ -n $preflight_ret && $preflight_ret -gt 0 ]] && ! ( whiptail_preflight_err ); then + whiptail_cancel + fi +fi + percentage=0 { - installer_progress_loop & # Run progress bar to 98 in ~8 minutes while waiting for package installs + installer_progress_loop 'Checking that all required packages are installed and enabled...' & # Run progress bar to 98 in ~8 minutes while waiting for package installs progress_bg_proc=$! installer_prereq_packages install_success=$? @@ -395,10 +412,6 @@ if [[ $is_manager && $is_node ]]; then ZEEKVERSION=${ZEEKVERSION:-ZEEK} fi -if [[ $is_node ]]; then - CURCLOSEDAYS=${CURCLOSEDAYS:-30} -fi - if [[ $is_import ]]; then PATCHSCHEDULENAME=${PATCHSCHEDULENAME:-auto} MTU=${MTU:-1500} @@ -430,6 +443,8 @@ if [[ $is_helix ]]; then fi if [[ $is_helix || $is_sensor ]]; then + echo "Verifying all network devices are managed by Network Manager that should be" >> "$setup_log" 2>&1 + check_network_manager_conf set_network_dev_status_list whiptail_sensor_nics fi @@ -473,7 +488,6 @@ if [[ $is_manager && ! $is_eval ]]; then fi if [[ $is_manager ]]; then - whiptail_components_adv_warning whiptail_enable_components if [[ "$STRELKA" = 1 ]]; then @@ -535,7 +549,6 @@ if [[ $is_node && ! $is_eval ]]; then collect_node_ls_pipeline_worker_count collect_node_ls_pipeline_batch_size collect_node_ls_input - collect_cur_close_days collect_es_space_limit else NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE @@ -751,7 +764,7 @@ echo "1" > /root/accept_changes set_progress_str 60 "$(print_salt_state_apply 'manager')" salt-call state.apply -l info manager >> $setup_log 2>&1 - + echo "Executing so-elastic-auth..." >> $setup_log 2>&1 ELASTIC_AUTH_SKIP_HIGHSTATE=true bash /opt/so/saltstack/default/salt/common/tools/sbin/so-elastic-auth true >> $setup_log 2>&1 echo "Finished so-elastic-auth..." >> $setup_log 2>&1 @@ -812,7 +825,9 @@ echo "1" > /root/accept_changes salt-call state.apply -l info soc >> $setup_log 2>&1 set_progress_str 70 "$(print_salt_state_apply 'kibana')" - salt-call state.apply -l info kibana >> $setup_log 2>&1 + salt-call state.apply -l info kibana.so_config_load >> $setup_log 2>&1 + salt-call state.apply -l info kibana.so_securitySolution_load >> $setup_log 2>&1 + salt-call state.apply -l info kibana.so_dashboard_load >> $setup_log 2>&1 set_progress_str 70 "Setting up default Space in Kibana" so-kibana-space-defaults >> $setup_log 2>&1 @@ -940,7 +955,6 @@ if [[ -n $SO_ERROR ]]; then SKIP_REBOOT=1 whiptail_setup_failed - else echo "Successfully completed setup! Continuing with post-installation steps" >> $setup_log 2>&1 { @@ -962,11 +976,22 @@ else set_progress_str 99 'Waiting for TheHive to start up' check_hive_init >> $setup_log 2>&1 fi + + if [[ -n $LEARN_LOGSCAN_ENABLE ]]; then + set_progress_str 99 'Enabling logscan' + so-learn enable logscan --apply >> $setup_log 2>&1 + fi + + if [[ -n $ENDGAMEHOST ]]; then + set_progress_str 99 'Configuring firewall for Endgame SMP' + so-firewall --apply includehost endgame $ENDGAMEHOST >> $setup_log 2>&1 + fi + } | whiptail_gauge_post_setup "Running post-installation steps..." + echo "Post-installation steps have completed. Awaiting user input to clean up installer." >> $setup_log 2>&1 whiptail_setup_complete [[ $setup_type != 'iso' ]] && whitpail_ssh_warning - echo "Post-installation steps have completed." >> $setup_log 2>&1 fi install_cleanup >> "$setup_log" 2>&1 diff --git a/setup/so-whiptail b/setup/so-whiptail index afd691632..5a0b7a819 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -83,8 +83,8 @@ whiptail_bond_nics_mtu() { } whiptail_cancel() { - - whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75 + [ -z "$TESTING" ] && whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75 + if [ -d "/root/installtmp" ]; then { echo "/root/installtmp exists"; @@ -95,7 +95,7 @@ whiptail_cancel() { title "User cancelled setup." - exit + exit 1 } whiptail_check_exitstatus() { @@ -110,13 +110,6 @@ whiptail_check_exitstatus() { esac } -whiptail_components_adv_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "$whiptail_title" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 -} - whiptail_create_admin_user() { [ -n "$TESTING" ] && return @@ -292,7 +285,7 @@ whiptail_storage_requirements() { You need ${needed_val} to meet minimum requirements. - Visit https://docs.securityonion.net/en/2.1/hardware.html for more information. + Visit https://docs.securityonion.net/en/latest/hardware.html for more information. Select YES to continue anyway, or select NO to cancel. EOM @@ -306,18 +299,6 @@ whiptail_storage_requirements() { whiptail_check_exitstatus $exitstatus } -whiptail_cur_close_days() { - - [ -n "$TESTING" ] && return - - CURCLOSEDAYS=$(whiptail --title "$whiptail_title" --inputbox \ - "Please specify the threshold (in days) at which Elasticsearch indices will be closed:" 10 75 "$1" 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - whiptail_dhcp_or_static() { [ -n "$TESTING" ] && return @@ -408,9 +389,10 @@ whiptail_enable_components() { PLAYBOOK=0 STRELKA=0 +description="Choose optional services to be enabled for this installation. Be aware that the more services you enable the more RAM that is required." if [[ $is_eval ]]; then COMPONENTS=$(whiptail --title "$whiptail_title" --checklist \ - "Select Components to install:" 20 75 8 \ + "$description" 20 75 8 \ GRAFANA "Enable Grafana for system monitoring" ON \ OSQUERY "Enable Fleet with osquery" ON \ WAZUH "Enable Wazuh" ON \ @@ -419,7 +401,7 @@ if [[ $is_eval ]]; then STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3) else COMPONENTS=$(whiptail --title "$whiptail_title" --checklist \ - "Select Components to install:" 20 75 7 \ + "$description" 20 75 7 \ OSQUERY "Enable Fleet with osquery" ON \ WAZUH "Enable Wazuh" ON \ THEHIVE "Enable TheHive" ON \ @@ -511,6 +493,8 @@ whiptail_end_settings() { [[ -n $WEBUSER ]] && __append_end_msg "Web User: $WEBUSER" [[ -n $FLEETNODEUSER ]] && __append_end_msg "Fleet User: $FLEETNODEUSER" + + [[ -n $FLEETCUSTOMHOSTNAME ]] && __append_end_msg "Fleet Custom Hostname: $FLEETCUSTOMHOSTNAME" if [[ $is_manager ]]; then __append_end_msg "Enabled Optional Components:" @@ -584,7 +568,6 @@ whiptail_end_settings() { __append_end_msg " Logstash Worker Count: $LSPIPELINEWORKERS" __append_end_msg " Logstash Batch Size: $LSPIPELINEBATCH" __append_end_msg " Logstash Input Threads: $LSINPUTTHREADS" - __append_end_msg " Curator Day Cutoff: $CURCLOSEDAYS days" __append_end_msg " Elasticsearch Storage Space: ${log_size_limit}GB" else __append_end_msg "Elasticsearch Heap Size: $NODE_ES_HEAP_SIZE" @@ -592,7 +575,6 @@ whiptail_end_settings() { __append_end_msg "Logstash Worker Count: $LSPIPELINEWORKERS" __append_end_msg "Logstash Batch Size: $LSPIPELINEBATCH" __append_end_msg "Logstash Input Threads: $LSINPUTTHREADS" - __append_end_msg "Curator Close After: $CURCLOSEDAYS days" __append_end_msg "Elasticsearch Storage Space: ${log_size_limit}GB" fi @@ -739,7 +721,7 @@ whiptail_install_type() { # What kind of install are we doing? install_type=$(whiptail --title "$whiptail_title" --radiolist \ - "Choose install type:" 12 65 5 \ + "Choose install type. \nSee https://docs.securityonion.net/architecture for details." 13 65 5 \ "EVAL" "Evaluation mode (not for production) " ON \ "STANDALONE" "Standalone production install " OFF \ "DISTRIBUTED" "Distributed install submenu " OFF \ @@ -753,6 +735,11 @@ whiptail_install_type() { if [[ $install_type == "DISTRIBUTED" ]]; then whiptail_install_type_dist + if [[ $dist_option == "NEWDEPLOYMENT" ]]; then + whiptail_install_type_dist_new + else + whiptail_install_type_dist_existing + fi elif [[ $install_type == "OTHER" ]]; then whiptail_install_type_other fi @@ -763,13 +750,55 @@ whiptail_install_type() { whiptail_install_type_dist() { [ -n "$TESTING" ] && return + + dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \ + "New Deployment " "Create a new Security Onion deployment" \ + "Existing Deployment " "Join to an exisiting Security Onion deployment " \ + 3>&1 1>&2 2>&3 + ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + dist_option=$(echo "${dist_option^^}" | tr -d ' ') +} + +whiptail_install_type_dist_new() { + [ -n "$TESTING" ] && return + + local mngr_msg + read -r -d '' mngr_msg <<- EOM + Choose a distributed manager type to start a new grid. - install_type=$(whiptail --title "$whiptail_title" --radiolist \ - "Choose distributed node type:" 13 60 6 \ - "MANAGER" "Start a new grid " ON \ - "SENSOR" "Create a forward only sensor " OFF \ + See https://docs.securityonion.net/architecture for details. + + Note: MANAGER is the recommended option for most users. MANAGERSEARCH should only be used in very specific situations. + EOM + + install_type=$(whiptail --title "$whiptail_title" --radiolist "$mngr_msg" 15 75 2 \ + "MANAGER" "New grid, requires separate search node(s) " ON \ + "MANAGERSEARCH" "New grid, separate search node(s) are optional " OFF \ + 3>&1 1>&2 2>&3 + ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + +whiptail_install_type_dist_existing() { + [ -n "$TESTING" ] && return + + local node_msg + read -r -d '' node_msg <<- EOM + Choose a distributed node type to join to an existing grid. + + See https://docs.securityonion.net/architecture for details. + + Note: Heavy nodes (HEAVYNODE) are NOT recommended for most users. + EOM + + install_type=$(whiptail --title "$whiptail_title" --radiolist "$node_msg" 18 58 4 \ + "SENSOR" "Create a forward only sensor " ON \ "SEARCHNODE" "Add a search node with parsing " OFF \ - "MANAGERSEARCH" "Manager + search node " OFF \ "FLEET" "Dedicated Fleet Osquery Node " OFF \ "HEAVYNODE" "Sensor + Search Node " OFF \ 3>&1 1>&2 2>&3 @@ -781,8 +810,6 @@ whiptail_install_type_dist() { local exitstatus=$? whiptail_check_exitstatus $exitstatus - - export install_type } whiptail_install_type_other() { @@ -816,7 +843,6 @@ whiptail_invalid_input() { # TODO: This should accept a list of arguments to spe [ -n "$TESTING" ] && return whiptail --title "$whiptail_title" --msgbox " Invalid input, please try again." 7 40 - } whiptail_invalid_proxy() { @@ -843,7 +869,7 @@ whiptail_invalid_pass_characters_warning() { [ -n "$TESTING" ] && return - whiptail --title "$whiptail_title" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 + whiptail --title "$whiptail_title" --msgbox "Password is invalid. Please exclude single quotes, double quotes, dollar signs, and backslashes from the password." 8 75 } whiptail_invalid_pass_warning() { @@ -863,10 +889,21 @@ whiptail_invalid_user_warning() { whiptail_invalid_hostname() { [ -n "$TESTING" ] && return + local is_manager_hostname + is_manager_hostname="$1" + local error_message - error_message=$(echo "Please choose a valid hostname. It cannot be localhost; and must contain only \ - the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \ - and hyphen ('-')" | tr -d '\t') + read -r -d '' error_message <<- EOM + Please choose a valid hostname. It cannot be localhost. It must contain only the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', and hyphen ('-'). + EOM + + if [[ $is_manager_hostname = 0 ]]; then + local error_message + read -r -d '' error_message <<- EOM + Please enter a valid hostname. The manager hostname cannot be localhost or the chosen hostname for this machine. + EOM + + fi whiptail --title "$whiptail_title" \ --msgbox "$error_message" 10 75 @@ -911,6 +948,7 @@ whiptail_first_menu_iso() { option=$(echo "${option^^}" | tr -d ' ') } + whiptail_make_changes() { [ -n "$TESTING" ] && return @@ -959,30 +997,15 @@ whiptail_management_interface_gateway() { whiptail_management_interface_ip_mask() { [ -n "$TESTING" ] && return - manager_ip_mask=$(whiptail --title "$whiptail_title" --inputbox \ - "Enter your IPv4 address with CIDR mask (e.g. 192.168.1.2/24):" 10 60 "$1" 3>&1 1>&2 2>&3) + local msg + read -r -d '' msg <<- EOM + What IPv4 address would you like to assign to this Security Onion installation? - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} + Please enter the IPv4 address with CIDR mask + (e.g. 192.168.1.2/24): + EOM -whiptail_management_interface_ip() { - - [ -n "$TESTING" ] && return - - MIP=$(whiptail --title "$whiptail_title" --inputbox \ - "Enter your IP address:" 10 60 X.X.X.X 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - -whiptail_management_interface_mask() { - - [ -n "$TESTING" ] && return - - MMASK=$(whiptail --title "$whiptail_title" --inputbox \ - "Enter the bit mask for your subnet:" 10 60 24 3>&1 1>&2 2>&3) + manager_ip_mask=$(whiptail --title "$whiptail_title" --inputbox "$msg" 12 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1508,6 +1531,20 @@ whiptail_patch_schedule_select_hours() { } +whiptail_preflight_err() { + [ -n "$TESTING" ] && return 1 + + read -r -d '' message <<- EOM + The so-preflight script failed checking one or more URLs required by setup. Check $setup_log for more details. + + Would you like to exit setup? + EOM + + whiptail --title "$whiptail_title" \ + --yesno "$message" 11 75 \ + --yes-button "Continue" --no-button "Exit" --defaultno +} + whiptail_proxy_ask() { [ -n "$TESTING" ] && return @@ -1661,11 +1698,16 @@ whiptail_set_redirect() { [ -n "$TESTING" ] && return + local options=() + options+=( "IP" "Use IP address to access the web interface" ON ) + [[ $no_use_hostname != true ]] && options+=( "HOSTNAME" "Use hostname to access the web interface" OFF ) + options+=("OTHER" "Use a different name like a FQDN or Load Balancer" OFF) + REDIRECTINFO=$(whiptail --title "$whiptail_title" --radiolist \ - "How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \ - "IP" "Use IP address to access the web interface" ON \ - "HOSTNAME" "Use hostname to access the web interface" OFF \ - "OTHER" "Use a different name like a FQDN or Load Balancer" OFF 3>&1 1>&2 2>&3 ) + "How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \ + "${options[@]}" \ + 3>&1 1>&2 2>&3 + ) local exitstatus=$? whiptail_check_exitstatus $exitstatus } @@ -1729,7 +1771,7 @@ whiptail_so_allow_yesno() { [ -n "$TESTING" ] && return whiptail --title "$whiptail_title" \ - --yesno "Do you want to run so-allow to allow access to the web tools?" \ + --yesno "Do you want to run so-allow to allow other machines to access this Security Onion installation via the web interface?" \ 8 75 } @@ -1790,7 +1832,7 @@ whiptail_storage_requirements() { You need ${needed_val} to meet minimum requirements. - Visit https://docs.securityonion.net/en/2.1/hardware.html for more information. + Visit https://docs.securityonion.net/en/latest/hardware.html for more information. Press YES to continue anyway, or press NO to cancel. EOM @@ -1844,18 +1886,36 @@ whiptail_suricata_pins() { } -whiptail_node_updates() { +# shellcheck disable=2120 +whiptail_uppercase_warning() { [ -n "$TESTING" ] && return + + local type=$1 - NODEUPDATES=$(whiptail --title "$whiptail_title" --radiolist \ - "How would you like to download OS package updates for your grid?" 20 75 4 \ - "MANAGER" "Manager node is proxy for updates." ON \ - "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) + local msg + if [[ -z $type ]]; then + type="hostname" + read -r -d '' msg <<- EOM + The value "$HOSTNAME" contains uppercase characters. + + Continuing with this hostname could render the system unusable in certain cases, and will also disable the option later in setup to access Security Onion's web interface via the hostname. + EOM + else + read -r -d '' msg <<- EOM + The value "$REDIRECTHOST" contains uppercase characters. + + Continuing with this value could render the system unusable in certain cases. + EOM + fi - local exitstatus=$? - whiptail_check_exitstatus $exitstatus + read -r -d '' msg <<- EOM + $msg + For best results, it is recommended to only use lowercase ${type}s with Security Onion. For more information see https://docs.securityonion.com/uppercase (URL TBD) + EOM + + whiptail --title "$whiptail_title" --yesno "$msg" --yes-button "Continue anyway" --no-button "Go back" --defaultno 16 75 } whiptail_you_sure() { @@ -1865,8 +1925,9 @@ whiptail_you_sure() { read -r -d '' you_sure_text <<- EOM Welcome to Security Onion Setup! - You can use Setup for lots of different use cases from a small standalone installation to a large distributed deployment for your enterprise. - + You can use Setup for lots of different use cases from a small standalone installation to a large distributed deployment for your enterprise. Don't forget to review the documentation at: + https://docs.securityonion.net + Setup uses keyboard navigation and you can use arrow keys to move around. Certain screens may provide a list and ask you to select one or more items from that list. You can use [SPACE] to select items and [ENTER] to proceed to the next screen. Would you like to continue? diff --git a/sigs/securityonion-2.3.60-CURATORAUTH.iso.sig b/sigs/securityonion-2.3.60-CURATORAUTH.iso.sig new file mode 100644 index 000000000..b6213a63d Binary files /dev/null and b/sigs/securityonion-2.3.60-CURATORAUTH.iso.sig differ diff --git a/sigs/securityonion-2.3.60-ECSFIX.iso.sig b/sigs/securityonion-2.3.60-ECSFIX.iso.sig new file mode 100644 index 000000000..cc55927fa Binary files /dev/null and b/sigs/securityonion-2.3.60-ECSFIX.iso.sig differ diff --git a/sigs/securityonion-2.3.60-FBPIPELINE.iso.sig b/sigs/securityonion-2.3.60-FBPIPELINE.iso.sig new file mode 100644 index 000000000..56418a152 Binary files /dev/null and b/sigs/securityonion-2.3.60-FBPIPELINE.iso.sig differ diff --git a/sigs/securityonion-2.3.61-MSEARCH.iso.sig b/sigs/securityonion-2.3.61-MSEARCH.iso.sig new file mode 100644 index 000000000..52b3b7645 Binary files /dev/null and b/sigs/securityonion-2.3.61-MSEARCH.iso.sig differ diff --git a/sigs/securityonion-2.3.61-STENODOCKER.iso.sig b/sigs/securityonion-2.3.61-STENODOCKER.iso.sig new file mode 100644 index 000000000..aad56a116 Binary files /dev/null and b/sigs/securityonion-2.3.61-STENODOCKER.iso.sig differ diff --git a/sigs/securityonion-2.3.61.iso.sig b/sigs/securityonion-2.3.61.iso.sig new file mode 100644 index 000000000..4e191e92e Binary files /dev/null and b/sigs/securityonion-2.3.61.iso.sig differ diff --git a/sigs/securityonion-2.3.70-CURATOR.iso.sig b/sigs/securityonion-2.3.70-CURATOR.iso.sig new file mode 100644 index 000000000..a9dfc3d1d Binary files /dev/null and b/sigs/securityonion-2.3.70-CURATOR.iso.sig differ diff --git a/sigs/securityonion-2.3.70-GRAFANA.iso.sig b/sigs/securityonion-2.3.70-GRAFANA.iso.sig new file mode 100644 index 000000000..8abec2097 Binary files /dev/null and b/sigs/securityonion-2.3.70-GRAFANA.iso.sig differ diff --git a/sigs/securityonion-2.3.70-WAZUH.iso.sig b/sigs/securityonion-2.3.70-WAZUH.iso.sig new file mode 100644 index 000000000..43ce74d15 Binary files /dev/null and b/sigs/securityonion-2.3.70-WAZUH.iso.sig differ diff --git a/sigs/securityonion-2.3.70.iso.sig b/sigs/securityonion-2.3.70.iso.sig new file mode 100644 index 000000000..68cedd6be Binary files /dev/null and b/sigs/securityonion-2.3.70.iso.sig differ diff --git a/sigs/securityonion-2.3.80.iso.sig b/sigs/securityonion-2.3.80.iso.sig new file mode 100644 index 000000000..4fa76de2e Binary files /dev/null and b/sigs/securityonion-2.3.80.iso.sig differ diff --git a/tests/validation.sh b/tests/validation.sh index d16c8bbb9..6f396141e 100644 --- a/tests/validation.sh +++ b/tests/validation.sh @@ -1,6 +1,6 @@ #!/bin/bash -. ../salt/common/tools/sbin/so-common +. "$(dirname "$0")"/../salt/common/tools/sbin/so-common script_ret=0 @@ -46,7 +46,7 @@ test_fun 1 valid_fqdn "rwwiv." test_fun 1 valid_fqdn "" -sleep 0.15s +sleep 0.15 header "ip4" @@ -62,13 +62,13 @@ test_fun 1 valid_ip4 "192.168.1.1." test_fun 1 valid_ip4 "" -sleep 0.15s +sleep 0.15 header "CIDR (ipv4)" test_fun 0 valid_cidr "192.168.1.0/24" -test_fun 0 valid_cidr "192.168.1.0/12" +test_fun 0 valid_cidr "192.160.0.0/12" test_fun 1 valid_cidr "192.168.1.0" @@ -78,7 +78,23 @@ test_fun 1 valid_ip4 "/24" test_fun 1 valid_cidr "" -sleep 0.15s +sleep 0.15 + +header "ip4 with CIDR mask" + +test_fun 0 valid_ip4_cidr_mask "192.168.1.12/24" + +test_fun 0 valid_ip4_cidr_mask "192.168.1.12/16" + +test_fun 1 valid_ip4_cidr_mask "192.168.9.12/54" + +test_fun 1 valid_cidr "192.168.1.0" + +test_fun 1 valid_ip4 "192.168.1.0/" + +test_fun 1 valid_ip4 "/24" + +test_fun 1 valid_cidr "" header "CIDR list" @@ -90,7 +106,7 @@ test_fun 1 valid_cidr_list "10.0.0.0/8,192.168.0.0/16172.16.0.0/12" test_fun 1 valid_cidr_list "10.0.0.0" -sleep 0.15s +sleep 0.15 header "DNS" @@ -104,9 +120,9 @@ test_fun 1 valid_dns_list "8.8.8.,8.8.4.4" test_fun 1 valid_dns_list "192.168.9." -sleep 0.15s +sleep 0.15 -header "int (default min: 1, default max: 1000)" +header "int (default min: 1, default max: 1000000000)" test_fun 0 valid_int "24" @@ -114,9 +130,9 @@ test_fun 0 valid_int "1" test_fun 0 valid_int "2" "2" -test_fun 0 valid_int "1000" +test_fun 0 valid_int "1000000000" -test_fun 1 valid_int "10001" +test_fun 1 valid_int "1000000001" test_fun 1 valid_int "24" "" "20" @@ -130,7 +146,7 @@ test_fun 1 valid_int "not_a_num" test_fun 1 valid_int "" -sleep 0.15s +sleep 0.15 header "hostname" @@ -146,7 +162,7 @@ test_fun 1 valid_hostname "localhost" test_fun 1 valid_hostname "" -sleep 0.15s +sleep 0.15 header "string (default min_length: 1, default max_length: 64)" @@ -168,7 +184,7 @@ test_fun 1 valid_string "too_long" "" "4" test_fun 1 valid_string "" -sleep 0.15s +sleep 0.15 header "Linux user"